JMV 12.a High Level Lab Guide PDF

Junos MPLS and VPNs
HIGH LEVEL LAB GUIDE Revision 1'.a

Copyright 201(
EDU-JUN-JMV, Revision 1'.a

Junos MPLS and VPNs
12.a
High-Level Lab Guide
Worldwide Education Services
1194 North Mathilda Avenue

Sunnyvale, CA 94089
USA
408-745-2000
www.juniper.net
Course Number: EDU-JUN-JMV

This document is produced by Juniper Networks, Inc.
This document or any part thereof may not be reproduced or transmitted in any form under penalty of law, without the prior written permission of Juniper Networks
Education Services.
Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other
countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered
trademarks, or registered service marks are the property of their respective owners.
Junos MPLS and VPNs High-Level Lab Guide, Revision 12.a
Copyright © 20 Juniper Networks, Inc. All rights reserved.
Printed in USA.
Revision History:
Revision 10.a—December 2010
Revision 12.a—June 2013
The information in this document is current as of the date listed above.
The information in this document has been carefully verified and is believed to be accurate for software Release 12.3R2.5. Juniper Networks assumes no
responsibilities for any inaccuracies that may appear in this document. In no event will Juniper Networks be liable for direct, indirect, special, exemplary,
incidental, or consequential damages resulting from any defect or omission in this document, even if advised of the possibility of such damages.
Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
YEAR 2000 NOTICE
Juniper Networks hardware and software products do not suffer from Year 2000 problems and hence are Year 2000 compliant. The Junos operating system has
no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
SOFTWARE LICENSE
The terms and conditions for using Juniper Networks software are described in the software license provided with the software, or to the extent applicable, in an
agreement executed between you and Juniper Networks, or Juniper Networks agent. By using Juniper Networks software, you indicate that you understand and
agree to be bound by its license terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the Juniper
Networks software, may contain prohibitions against certain uses, and may state conditions under which the license is automatically terminated. You should
consult the software license for further details.
Contents
Lab 1: MPLS Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
Part 1: Configuring Network Interfaces and Baseline Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
Part 2: Configuring Customer Edge Router and Network Interfaces . . . . . . . . . . . . . . . . . . . . . . . . 1-5
Part 3: Configuring a Static LSP Through the Core . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-8
Lab 2: Label Distribution Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

Part 1: Configuring Customer Edge Router and Network Interfaces . . . . . . . . . . . . . . . . . . . . . . . . 2-2
Part 2: Configuring RSVP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6
Part 3: Configuring a Explicit Route Object (ERO) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9
Part 4: Configuring LDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-10
Part 5: Changing the Default Route Preference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2-11
Lab 3: CSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1

Part 1: Creating the Baseline Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2
Part 2: Enabling the TED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
Part 3: Configuring RSVP-Signaled LSPs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5
Part 4: Adding Administrative Groups to Core-Facing Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6
Part 5: Configuring LSPs to Take Gold, Silver, and Bronze Paths Using CSPF . . . . . . . . . . . . . . . . 3-7
Lab 4: Traffic Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1

Part 2: Redistributing Routes into BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
Part 3: Creating an LSP to the Remote PE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5
Part 4: Configuring a Secondary Path for Added Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6
Part 5: Configuring Secondary Standby Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7
Part 6: Examining a Secondary/Secondary Protected LSP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9
Part 7: Examining a Fast-Reroute Protected LSP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-11
Part 8: Examining Link and Node-Link Protected RSVP LSPs . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-12
Part 9: Configuring LDP Link Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4-13
Lab 5: Fate Sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1

Part 2: Creating an LSP to the Remote PE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4
Part 3: Configuring Fate Sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5
Part 4: Configuring SRLGs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7
Part 5: Configuring Extended Admin Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-8
Lab 6: Miscellaneous MPLS Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1

Part 1: Configuring the Baseline Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2
Part 2: Configuring a RSVP LSP to Install a Route in the Table . . . . . . . . . . . . . . . . . . . . 6-4
Part 3: Configuring MPLS Traffic Engineering to Install an Route . . . . . . . . . . . . . . . . . . 6-6
Part 4: Using Policy to Control LSP Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-7
Part 5: Using LSP Metric to Control LSP Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9
Part 6: Configuring Your Router to Not Decrement the TTL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-10
Part 7: Configuring Your Router to Signal Explicit Null . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-11
Part 8: Configuring Your Router to Automatically Adjust the RSVP Reservation Based on Observed
Bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-12
Part 9: Using MPLS Ping to Verify LSP Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6-12
Contents • iii
Lab 7: L3VPN Static and BGP Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1
Part 1: Creating the Baseline SP Network and Enabling PE for Layer 3 VPN Signaling . . . . . . . . .7-2
Part 2: Establishing an RSVP Signaled LSP Between PE Routers . . . . . . . . . . . . . . . . . . . . . . . . . .7-5
Part 3: Verify CE Router Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-6
Part 4: Configuring the PE to CE Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-7
Part 5: Configuring a Layer 3 VPN Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7-7
Part 6: Configuring Static Routing Between the PE and CE Routers . . . . . . . . . . . . . . . . . . . . . . . .7-8
Part 7: Configuring BGP Routing Between the PE and CE Routers . . . . . . . . . . . . . . . . . . . . . . . 7-10
Lab 8: Route Reflection and Internet Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1

Part 2: Verify CE Router Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-5
Part 3: Configuring the PE to CE Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-6
Part 4: Configuring Two Layer 3 VPN Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8-7
Part 5: Configuring BGP Routing Between the PE and CE Routers . . . . . . . . . . . . . . . . . . . . . . . . .8-9
Part 6: Implementing Route Target Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-13
Part 7: Configuring Internet Access Using a Non-VRF Interface . . . . . . . . . . . . . . . . . . . . . . . . . . 8-15
Lab 9: GRE Tunnel Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1

Part 2: Verifying CE Router Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-4
Part 3: Configuring the PE to CE Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-6
Part 4: Configuring a Layer 3 VPN Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-6
Part 5: Configuring OSPF Routing Between the PE and CE Routers . . . . . . . . . . . . . . . . . . . . . . . .9-7
Part 6: Establishing a GRE Tunnel Between PE Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9-9
Part 7: Creating and Adding a Static Route to
Part 8: Redistributing BGP Routes into OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-11
Lab 10: BGP Layer 2 VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1

Part 1: Creating the Baseline SP Network and Enabling PE for Layer 2 VPN Signaling . . . . . . . 10-2
Part 2: Configuring the PE to CE Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-5
Part 3: Configuring a BGP Layer 2 VPN Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-6
Part 4: Configuring Routing Protocols on the CE Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-8
Lab 11: Circuit Cross-Connect and LDP Layer 2 Circuits . . . . . . . . . . . . . . . . . . . . . . . . . 11-1

Part 1: Creating the Baseline SP Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-2
Part 2: Establishing an RSVP-Signaled LSP Between PE Routers . . . . . . . . . . . . . . . . . . . . . . . . 11-4
Part 3: Configuring the PE to CE Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-5
Part 4: Configuring a LDP Layer 2 Circuit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-6
Part 5: Configuring Routing Protocols on the CE Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-7
Part 6: Configuring a CCC Connection Between PE Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-8
Lab 12: VPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-1

Part 1: Creating the Baseline SP Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-2
Part 2: Verifying the Customer Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-4
Part 3: Configuring a Virtual Switch Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-5
Part 4: Configuring an LDP VPLS Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-6
Part 5: Using MSTP to Prevent a Layer 2 Loop in a VPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-8
Part 6: Adding a Subinterface to the Customer Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-10
Part 7: Configuring the Virtual Switch Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-10
Part 8: Configuring a BGP VPLS with Redundant Links between CE and PE Routers . . . . . . . 12-11
iv • Contents
Lab 13: Carrier-of-Carriers VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-1
Part 1: Creating the Baseline SP Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-2
Part 2: Establishing an RSVP-Signaled LSP Between PE Routers . . . . . . . . . . . . . . . . . . . . . . . . .13-5
Part 3: Configuring the Subscriber CE Router Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-6
Part 4: Configuring a Layer 3 VPN on the Provider PE Routers . . . . . . . . . . . . . . . . . . . . . . . . . . .13-7
Part 5: Configuring the Customer CE Logical System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13-8
Part 6: Configuring the Customer PE Logical System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-11
Part 7: Placing IBGP Learned Routes in
Part 8: Configuring a BGP VPLS Between Customer PE Routers . . . . . . . . . . . . . . . . . . . . . . . . 13-14
Lab 14: MVPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-1

Part 1: Creating the Baseline SP Network and Enabling PE for Layer 3 MVPN Signaling . . . . . .14-2
Part 2: Verifying Remote CE Router Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-5
Part 3: Configuring the PE to Source Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-8
Part 4: Configuring a Layer 3 VPN Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-10
Part 5: Configuring the MVPN using Inclusive RSVP-signaled P2MP LSP . . . . . . . . . . . . . . . . . 14-12
Part 6: Configuring a Selective Provider Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-16
Contents • v
vi • Contents
Course Overview
This five-day course is designed to provide students with MPLS-based virtual private network (VPN)
knowledge and configuration examples. The course includes an overview of MPLS concepts such
as control and forwarding plane, RSVP Traffic Engineering, LDP, Layer 3 VPNs, BGP Layer 2 VPNs,
LDP Layer 2 Circuits, and virtual private LAN service (VPLS). This course also covers Junos
operating system-specific implementations of Layer 2 control instances and active interface for
VPLS.
Through demonstrations and hands-on labs, students will gain experience in configuring and
monitoring the Junos OS and in device operations. This course uses Juniper Networks MX Series
3D Universal Edge Routers for the hands-on component, but the lab environment does not
preclude the course from being applicable to other Juniper hardware platforms running the
Junos OS. This course is based on the Junos OS Release 12.3R2.5.
Objectives
After successfully completing this course, you should be able to:
• Explain common terms relating to MPLS.
• Explain routers and the way they forward MPLS packets.
• Explain packet flow and handling through a label-switched path (LSP).
• Describe the configuration and verification of MPLS forwarding.
• Understand the information in the Label Information Base.
• Explain the two label distribution protocols used by the Junos OS.
• Configure and troubleshoot RSVP-signaled and LDP-signaled LSPs.
• Explain the constraints of both RSVP and LDP.
• Explain the path selection process of RSVP without the use of the Constrained
Shortest Path First (CSPF) algorithm.
• Explain the Interior Gateway Protocol (IGP) extensions used to build the Traffic
Engineering Database (TED).
• Describe the CSPF algorithm and its path selection process.
• Describe administrative groups and how they can be used to influence path selection.
• Explain the behavior of inter-area traffic engineered LSPs
• Describe the default traffic protection behavior of RSVP-Signaled LSPs.
• Explain the use of primary and secondary LSPs.
• Explain LSP priority and preemption.
• Describe the operation and configuration of fast reroute.
• Describe the operation and configuration of link and node protection.
• Describe the LSP optimization options.
• Describe the behavior of fate sharing.
• Describe how SRLG changes the CSPF algorithm when computing the path of a
secondary LSP.
• Explain how extended admin groups can be used to influence path selection.
• Explain the purpose of several miscellaneous MPLS features.
• Explain the definition of the term “Virtual Private Network”.
• Describe the differences between provider-provisioned and customer-provisioned
VPNs.
www.juniper.net Course Overview • vii

• Describe the differences between Layer 2 VPNs and Layer 3 VPNs.
• Explain the features of provider-provisioned VPNs supported by the Junos OS.
• Explain the roles of Provider (P) routers, Provider Edge (PE) routers, and Customer
Edge (CE) routers.
• Describe the VPN-IPv4 address formats.
• Describe the route distinguisher use and formats.
• Explain the RFC 4364 control flow.
• Create a routing instance, assign interfaces, create routes, and import and export
routes within the routing instance using route distinguishers and route targets.
• Explain the purpose of BGP extended communities and how to configure and use
these communities.
• Describe the steps necessary for proper operation of a PE to CE dynamic routing
protocol.
• Configure a simple Layer 3 VPN using a dynamic CE-PE routing protocol.
• Describe the routing-instance switch.
• Explain the issues with the support of traffic originating on multi-access VPN routing
and forwarding table (VRF table) interfaces.
• Use operational commands to view Layer 3 VPN control exchanges.
• Use operational commands to display Layer 3 VPN VRF tables.
• Monitor and troubleshoot PE-CE routing protocols.
• Describe the four ways to improve Layer 3 VPN scaling.
• Describe the three methods for providing Layer 3 VPN customers with Internet access.
• Describe how the auto-export command and routing table groups can be used to
support communications between sites attached to a common PE router.
• Describe the flow of control and data traffic in a hub-and-spoke topology.
• Describe the various Layer 3 VPN class-of-service (CoS) mechanisms supported by
the Junos OS.
• Explain the Junos OS support for generic routing encapsulation (GRE) and IP Security
(IPsec) tunnels in Layer 3 VPNs.
• Describe the purpose and features of a BGP Layer 2 VPN.
• Describe the roles of a CE device, PE router, and P router in a BGP Layer 2 VPN.
• Explain the flow of control traffic and data traffic for a BGP Layer 2 VPN.
• Configure a BGP Layer 2 VPN and describe the benefits and requirements of
over-provisioning.
• Monitor and troubleshoot a BGP Layer 2 VPN.
• Explain the BGP Layer 2 VPN scaling mechanisms and route reflection.
• Describe the Junos OS BGP Layer 2 VPN CoS support.
• Describe the flow of control and data traffic for an LDP Layer 2 circuit.
• Configure an LDP Layer 2 circuit.
• Monitor and troubleshoot an LDP Layer 2 circuit.
• Describe and configure circuit cross-connect (CCC) MPLS interface tunneling.
• Describe the difference between Layer 2 MPLS VPNs and VPLS.
• Explain the purpose of the PE device, the CE device, and the P device.
viii • Course Overview www.juniper.net

• Explain the provisioning of CE and PE routers.
• Describe the signaling process of VPLS.
• Describe the learning and forwarding process of VPLS.
• Describe the potential loops in a VPLS environment.
• Configure BGP and LDP VPLS.
• Troubleshoot VPLS.
• Describe the Junos OS support for carrier of carriers.
• Describe the Junos OS support for interprovider VPNs.
Intended Audience
This course benefits individuals responsible for configuring and monitoring devices running the
Junos OS.
Course Level
Junos MPLS and VPNs (JMV) is an advanced-level course.
Prerequisites
Students should have intermediate-level networking knowledge and an understanding of the Open
Systems Interconnection (OSI) model and the TCP/IP protocol suite. Students should also attend
the Introduction to the Junos Operating System (IJOS), Junos Routing Essentials (JRE), and Junos
Service Provider Switching (JSPX) courses prior to attending this class.
www.juniper.net Course Overview • ix

Course Agenda
Day 1
Chapter 1: Course Introduction
Chapter 2: MPLS Fundamentals
MPLS Fundamentals Lab
Chapter 3: Label Distribution Protocols
Label Distribution Protocols Lab
Chapter 4: Constrained Shortest Path First
CSPF Lab
Day 2
Chapter 5: Traffic Protection and LSP Optimization
Traffic Protection Lab
Chapter 6: Fate Sharing
Fate Sharing Lab
Chapter 7: Miscellaneous MPLS Features
Miscellaneous MPLS Features Lab
Chapter 8: VPN Review
Chapter 9: Layer 3 VPNs
Day 3
Chapter 10: Basic Layer 3 VPN Configuration
Layer 3 VPN with Static and BGP Routing Lab
Chapter 11: Troubleshooting Layer 3 VPNs
Chapter 12: Layer 3 VPN Scaling and Internet Access
Route Reflection and Internet Access Lab
Chapter 13: Layer 3 VPNs—Advanced Topics
GRE Tunnel Integration Lab
Day 4
Chapter 14: BGP Layer 2 VPNs
BGP Layer 2 VPNs Lab
Chapter 15: Layer 2 VPN Scaling and CoS
Chapter 16: LDP Layer 2 Circuits
Circuit Cross-Connect and LDP Layer 2 Circuits Lab
Chapter 17: Virtual Private LAN Service
x • Course Agenda www.juniper.net

Day 5
Chapter 18: VPLS Configuration
VPLS Lab
Chapter 19: Interprovider VPNs
Carrier-of-Carriers VPNs Lab
Appendix A: Multicast VPNs
MVPN Lab
www.juniper.net Course Agenda • xi

Document Conventions
CLI and GUI Text

Frequently throughout this course, we refer to text that appears in a command-line interface (CLI)
or a graphical user interface (GUI). To make the language of these documents easier to read, we
distinguish GUI and CLI text from chapter text according to the following table.
Style Description Usage Example
Franklin Gothic Normal text. Most of what you read in the Lab Guide
and Student Guide.
Console text:
• Screen captures
• Noncommand-related
syntax
GUI text elements:
Select , and then click
• Menu names in the
text box.
• Text field entry
Input Text Versus Output Text

You will also frequently see cases where you must enter input text yourself. Often these instances
will be shown in the context of where you must enter them. We use bold style to distinguish text
that is input versus text that is simply displayed.
No distinguishing variant.
View configuration history by clicking

.
CLI Input Text that you must enter. show route

GUI Input Select , and type
config.ini in the field.
Defined and Undefined Syntax Variables

Finally, this course distinguishes between regular text and syntax variables, and it also
distinguishes between syntax variables where the value is already assigned (defined variables) and
syntax variables where you must assign the value (undefined variables). Note that these styles can
be combined with the input style as well.
CLI Variable Text where variable value is my-peers

already assigned.
GUI Variable
Click my-peers in the dialog.
CLI Undefined Text where the variable’s value Type set policy policy-name.
is the user’s discretion and text
ping 10.0.x.y
where the variable’s value as
GUI Undefined shown in the lab guide might Select , and type
differ from the value the user filename in the field.
must input.
xii • Document Conventions www.juniper.net

Additional Information
Education Services Offerings

You can obtain information on the latest Education Services offerings, course dates, and class
locations from the World Wide Web by pointing your Web browser to:
http://www.juniper.net/training/education/.
About This Publication
The Junos MPLS and VPNs Detailed Lab Guide was developed and tested using software Release
12.3R2.5. Previous and later versions of software might behave differently so you should always
consult the documentation and release notes for the version of code you are running before
reporting errors.
This document is written and maintained by the Juniper Networks Education Services development
team. Please send questions and suggestions for improvement to training@juniper.net.
Technical Publications
You can print technical manuals and release notes directly from the Internet in a variety of formats:
• Go to http://www.juniper.net/techpubs/.
• Locate the specific software or hardware release and title you need, and choose the
format in which you want to view or print the document.
Documentation sets and CDs are available through your local Juniper Networks sales office or
account representative.
Juniper Networks Support
For technical support, contact Juniper Networks at http://www.juniper.net/customers/support/, or
at 1-888-314-JTAC (within the United States) or 408-745-2121 (from outside the United States).
www.juniper.net Additional Information • xiii

xiv • Additional Information www.juniper.net
Lab
MPLS Fundamentals
Overview
This lab demonstrates configuration and monitoring of multiprotocol label switched path
(MPLS) static label switched path (LSP) features on devices running the Junos operating
system. In this lab, you use the command-line interface (CLI) to configure and monitor
network interfaces, Open Shortest Path First (OSPF), Border Gateway Protocol (BGP),
Virtual Routers and static MPLS LSPs.
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample output from most commands.
By completing this lab, you will perform the following tasks:
• Configure and verify proper operation of network interfaces.
• Configure and verify OSPF, BGP, and a virtual router.
• Configure and monitor a MPLS static LSP.
www.juniper.net MPLS Fundamentals • Lab 1–1

Junos MPLS and VPNs
Part 1: Configuring Network Interfaces and Baseline Protocols
In this lab part, you will be using the lab diagram for part 1. You will configure
network interfaces on your assigned device. You will then verify that the interfaces
are operational and that the system adds the corresponding routing table entries for
the configured interfaces. After verifying your interfaces, you will configure the router
to participate in the OSPF area 0.0.0.0. Once you have completed this, you will set
up a internal BGP (IBGP) peering with the remote team’s router.
Note
The instructor will tell you the nature of your
access and will provide you with the
necessary details to access your assigned
device.
Step 1.1
Ensure that you know to which device you are assigned. Check with your instructor if
necessary.
Step 1.2
Consult the management network diagram, provided by your instructor, to determine
your device’s management address.
Question: What is the management address

assigned to your station?
Step 1.3
Access the CLI at your station using either the console, Telnet, or Secure Shell (SSH)
as directed by your instructor. The following example shows simple Telnet access to
mxA-1 using the Secure CRT program.
Lab 1–2 • MPLS Fundamentals www.juniper.net

Junos MPLS and VPNs
Step 1.4
Log in as user lab with the password supplied by your instructor. Enter
configuration mode and load the reset configuration file
jmv/lab1-start.config and commit.
Step 1.5
Navigate to the hierarchy level. Refer to the network
diagram and configure the interfaces for your assigned device. Use the virtual local
area network (VLAN) ID as the logical unit value for the tagged interface. Use logical
unit 0 for all other interfaces. Remember to configure the loopback interface!
Step 1.6
Display the interface configuration and ensure that it matches the details outlined
on the network diagram for this lab. When you are comfortable with the interface
configuration, issue the commit-and-quit command to activate the
configuration and return to operational mode.
Step 1.7
Issue the show interfaces terse command to verify the current state of the
recently configured interfaces.
Question: What are the and states for

the recently configured interfaces?
Step 1.8
Issue the show route command to view the current route entries.
Question: Does the routing table display an entry for

all local interface addresses and directly connected
networks?
Question: Are any routes currently hidden?
Step 1.9
Enter in to configuration mode and navigate to the
hierarchy level. Configure the core facing interfaces in area 0.0.0.0. Remember to
add the loopback interface.
Step 1.10
Activate the configuration changes and exit to operational mode. Issue the show
ospf neighbor command.

Junos MPLS and VPNs
Question: Which neighbor state is shown for the
listed interfaces?
Note
Before proceeding, ensure that the remote
student team in your pod finishes the
previous steps.
Step 1.11
Using the ping utility, verify reachability to remote team’s interfaces. Remember to
verify the loopback address.
Question: Are the ping tests successful?
Step 1.12
Enter configuration mode and define the autonomous system number designated
for your network. Refer to the network diagram as necessary.
Step 1.13
Navigate to the hierarchy level. Configure a BGP group
named my-int-group that establishes an internal BGP peering session with the
remote team’s PE router. Refer to the network diagram for this lab as necessary.
Step 1.14
Issue the run show bgp summary command to view the current BGP summary
information for your device.
Question: How many BGP neighbors does your

router currently list?
Question: Does your session show an

state?
STOP Do not proceed until the remote team finishes Part 1.

Junos MPLS and VPNs
Part 2: Configuring Customer Edge Router and Network Interfaces
In this lab part, you will reference the lab diagram for parts 2 and 3. You will
configure a virtual router instance on your router, representing the customer edge
(CE) router. You will configure the interfaces and networks needed to establish a
external BGP (EBGP) peering between the customer edge router and your provider
edge (PE) router. You will first configure your virtual router and all interfaces for both
routers. Second you will configure the EBGP peering session between the two
routers. Next you will advertise your loopback address from your
CE device to your PE router. You will share these routes with your IBGP peer.
Step 2.1
Refer to the lab diagram to ensure you navigate to the correct virtual router name.
Navigate to the instance-name hierarchy and
configure the instance to behave as a virtual router. Configure the interfaces that
should be members of the virtual router. Make sure you include a loopback
interface.
Step 2.2
Review the virtual router configuration up to this point by issuing the command
show.
Question: Do you see any issues with the current

configuration?
Step 2.3
Navigate to the hierarchy. Configure both physical
interfaces required for the connection to the virtual router. Configure unit 1 under
the loopback interface. Consult the network diagram for proper IP addressing. After
verifying your configuration, commit and exit to operational mode to verify
connectivity.
Step 2.4
Verify connectivity from your CE router to your PE router using the ping utility.
Note
Use Ctrl + c to stop a continuous ping
operation.
Step 2.5
Return to configuration mode and configure the main instance (PE) to establish an
EBGP peering session, named my-ext-group, to your virtual router (CE). Verify
configuration looks correct before moving on. Please refer to the network diagram
for appropriate peer autonomous system numbers.

Junos MPLS and VPNs
Question: Do you have to configure the group type
as ?
Step 2.6
configure the autonomous system for the virtual router (CE). Next configure the
EBGP group named my-ext-group, on the CE router. Once you are satisfied with
the configuration commit and verify that the neighbor relationship is established
before moving on to the next step.
Question: Is your EBGP peering established

between your PE and CE routers?
Question: Are you sending any routes from your CE

router?
Step 2.7
Navigate to the hierarchy and configure a policy
named . Allow your CE router’s loopback address to be
exported. After creating the policy, navigate to the virtual router and apply this new
policy as an export policy to your EBGP group. Commit and exit to operational mode
after you are satisfied with your configuration.
Step 2.8
Verify that you are advertising the loopback address to your EBGP peer. Next verify
you are advertising the EBGP route from your PE router to your IBGP peer.
Note
previous steps.
Step 2.9
Verify that you are receiving the remote CE loopback from your IBGP neighbor. The
total destination routes may differ in your outputs.

Junos MPLS and VPNs
Question: Where is the route the remote peer is
advertising to us?
Step 2.10
Take an extensive look at the hidden route and determine why the route is hidden.
Question: Why is the protocol (BGP) next hop for the

route? Which router in the topology owns that
address?
Question: Why is the route hidden?
Question: How do you fix this problem and get the

route to be a usable route?
Step 2.11
Enter into configuration mode. Navigate to the
hierarchy and create the policy named nhs. Configure this policy to take all bgp
routes learned from your CE neighbor and change the next-hop to itself before
advertising these routes to your remote IBGP peer. Apply this policy as an export
policy to the BGP group my-int-group. After you are satisfied with your policy and
configuration commit your changes and exit to operational mode.
Note
previous steps.
Step 2.12
Verify that the route to the remote CE router’s loopback address is now usable and
installed in the routing table.
Question: Do you see the route now?

Junos MPLS and VPNs
Step 2.13
Verify that you are receiving and installing the route to the remote CE router in your
virtual router.
Question: Is the route present in your CE routing

table?
Part 3: Configuring a Static LSP Through the Core
In this lab part, you will reference the lab diagram for parts 2 and 3. You will
configure a static LSP that will be used for traffic that is destined to the network
connected to the remote PE router. After configuring the LSP we will verify CE to CE
router communication through the static LSP.
Step 3.1
Enter into configuration mode and navigate to the
hierarchy. Configure the core facing interface to allow MPLS traffic.
Step 3.2
Navigate to hierarchy and add the
statement. As good practice please be sure to disable the management interface.
Step 3.3
Commit the configuration changes. Issue the run show route table mpls.0
command to verify that the MPLS table has been created.
Question: What are the routes that you see?
Step 3.4
Review the interfaces that are participating in MPLS to ensure that we have the
proper configuration by executing the run show mpls interface command.
Question: What interface do you see?

Junos MPLS and VPNs
Step 3.5
Create a static LSP named my-static-lsp with the egress address of the remote
PE loopback.
Step 3.6
Navigate to the
hierarchy. Configure the next-hop for the LSP and
assign the appropriate label to the LSP. Please consult the lab diagram for the path
and label to be assigned. Review your configuration and after you are satisfied with
the configuration, commit the changes and exit to operational mode.
Step 3.7
Issue the show mpls static-lsp ingress command to view the current
status of the recently configured LSP.
Question: What is the state of the static LSP?
Step 3.8
Review the route being used for the remote CE router’s loopback by issuing the
show route remote-ce-loopback-address command.
Question: How do you determine that the static LSP

is going to be used when directing traffic to this
destination?
Step 3.9
Look at the traffic statistics for traffic traversing our new LSP. Execute the show
mpls static-lsp statistics ingress command to view the statistics for
the traffic the enters the LSP at this router.
Step 3.10
Test the LSP by using the ping utility from the virtual router by executing the ping
remote-ce-loopback source local-ce-loopback count 10 rapid
routing-instance instance-name command.
Step 3.11
Look at the LSP statistics to verify that the traffic traversed the LSP.
Question: How many packets do you see that

traversed through the LSP?

Junos MPLS and VPNs
Step 3.12
Log out of your assigned device using the exit command.
STOP Tell your instructor that you have completed this lab.

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Lab
Label Distribution Protocols
Overview
This lab demonstrates configuration and monitoring of Resource Reservation Protocol
(RSVP) and Label Distribution (LDP) signaled label switched path (LSP) features on
routers running the Junos operating system. In this lab, you use the command-line
interface (CLI) to configure and monitor network interfaces, Border Gateway Protocol
(BGP), Virtual Routers, RSVP LSPs, and LDP LSPs.
• Configure and verify proper operation of network interfaces.
• Configure and verify BGP, and a virtual router.
• Configure and monitor a RSVP LSP.
• Modify RSVP LSP by explicitly defining path requirements.
• Configure and monitor a LDP LSP.
• Manipulate the default behavior of RSVP and LDP, depending on network
requirements.
www.juniper.net Label Distribution Protocols • Lab 2–1

Junos MPLS and VPNs
Part 1: Configuring Customer Edge Router and Network Interfaces
In this lab part, you will configure the virtual router representing the customer edge
(CE) router. You will load a configuration that will automatically configure the
interfaces and networks needed to establish an external BGP (EBGP) peering
between your customer edge router and your provider edge (PE) router. The loaded
configuration will configure your virtual router and all interfaces for both routers and
also configure the EBGP peering session between the two routers. You will then
configure your CE router to advertise the loopback address from your CE device to
your PE router. Your PE router will share these routes with your internal BGP (IBGP)
peer.
Note
device.
Step 1.1
necessary.
Step 1.2

Lab 2–2 • Label Distribution Protocols www.juniper.net

Junos MPLS and VPNs
Step 1.3
mxB-1 using the Secure CRT program.
Step 1.4
Step 1.5
Verify that your Open Shortest Path First (OSPF) neighbor relationships are up and
operational.
Question: What is the state of your PE router’s OSPF

neighbors?
Step 1.6
Verify connectivity from CE to PE router using the ping utility.
Question: Was the attempt to ping successful?
Step 1.7
Verify that the BGP neighbor relationship is established before moving on to the next
step.

Junos MPLS and VPNs
Question: Are all of the BGP sessions in the
state?
Step 1.8
Use the run show route advertising-protocol bgp command to
determine which routes that your CE router is advertising to your PE router.
Question: How many routes are being advertised

from your CE router to your PE router?
Step 1.9
Navigate to the hierarchy and configure a policy
named vr-export-loopback. Configure the policy to advertise your CE router’s
loopback address.
Step 1.10
apply the new policy as an export policy to your EBGP group. Commit and exit to
operational mode after you are satisfied with your configuration.
Step 1.11
Verify that you are advertising your CE router’s loopback address to your EBGP peer.
Question: Are any routes being advertised from your

CE router to your PE router?
Step 1.12
Verify the advertisement of the CE router’s loopback route from the local PE router to
the remote IBGP peer.
Question: What route is being advertised from your

PE router to the remote PE router? Why is it being
advertised?

Junos MPLS and VPNs
Note
previous steps.
Step 1.13
Verify that the local PE is receiving the remote CE router’s loopback from the remote
PE neighbor.
Question: Is the local PE router installing any routes

from the remote PE into the routing table?
Question: Do you notice anything interesting about

the output of the command?
Step 1.14
Take an extensive look at the hidden route and determine why the route is hidden.
Question: Why is the route hidden?
Question: How do we fix this problem and get the

route to be a usable route?
Step 1.15
Enter into configuration mode. Navigate to the
hierarchy and create the policy named nhs. Configure this policy to take all BGP
routes learned from your CE neighbor and change the next hop to itself before
advertising these routes to your remote IBGP peer.
Step 1.16
Apply the new policy as an export policy to the BGP group my-int-group. After
you are satisfied with your policy and configuration commit your changes and exit to
operational mode.

Junos MPLS and VPNs
Note
previous steps.
Step 1.17
Verify that the remote loopback address is now usable and installed in the routing
table.
Question: Do you see the route now?
Step 1.18
Verify you are receiving and installing the route to the remote CE router in your
virtual router.
Question: Is the route present in your CE router’s

routing table?
STOP
Do not proceed until the remote team finishes Part 1.
Part 2: Configuring RSVP
In this lab part, you will configure a RSVP signaled LSP that will be used for traffic
that is destined to the network connected to the remote PE router. After configuring
the LSP we will verify CE to CE router communication through the RSVP LSP.
Step 2.1
hierarchy. Configure the core facing interfaces to allow multiprotocol label switching
(MPLS) traffic.
Step 2.2
Step 2.3
Commit the configuration changes and review the interfaces that are participating in
MPLS to ensure we have the proper configuration by executing the run show
mpls interface command.
Junos MPLS and VPNs
Step 2.4
Navigate to the hierarchy. Add the appropriate core
facing interfaces manually. Remember that you must specify the correct unit
number when adding interfaces to any protocol configuration. The default Junos OS
behavior is to assume if no unit is specified. Review the configuration
before committing to ensure the interfaces are correct.
Note
It is perfectly acceptable to use the
option when adding the
interfaces into RSVP. For this lab, however,
we ask that you explicitly identify the
interfaces to demonstrate the importance
of including the correct unit number when
manually configuring particular interfaces.
Step 2.5
Add the configuration for creating the LSP. Navigate to the
hierarchy. First, turn off constrained shortest path first (CSPF) by issuing the
set no-cspf command. Next, create a named
localPE-to-remotePE-pod. For example, if you are assigned router mxB-1,
your peer router is mxB-2 and your pod is B. The LSP for mxB-1 should be named
pe1-to-pe2-B. Your LSP should egress at your remote peer’s loopback address.
Verify that the configuration looks correct. Commit and exit to operation mode when
you are satisfied with the changes.
Step 2.6
Verify the status of your recently configured LSP reviewing the information displayed
by issuing the show mpls lsp command.
Question: How many LSPs are reflected in the

output and what are the terminating points?
Question: Can you tell what path the LSP signaled

over?
Step 2.7
Review the ingress LSP in more detail by including the and
options with the previous command.

Junos MPLS and VPNs
Question: Can you determine what routers in the
network are being traversed by the LSP you
configured?
Step 2.8
Verify traffic that is destined to the remote CE router’s loopback will use the LSP by
issuing the show route remote-CE-loopback-address command.
Question: Will traffic destined for the remote CE get

forwarded using the LSP?
Step 2.9
Verify the remote CE router’s loopback is reachable from your local CE router by
sending five Internet Control Message Protocol (ICMP) packets. Make sure to source
the ICMP packets from the local CE router’s loopback address.
Question: Were the pings successful?
Step 2.10
Verify the ICMP packets traversed the LSP by displaying the traffic statistics for the
LSP.
Question: How many packets have been forwarded

over the LSP?

Junos MPLS and VPNs
Part 3: Configuring a Explicit Route Object (ERO)
In this lab part, you will create a path using both strict and loose path constraints.
You will apply the path as the primary path to your existing LSP, forcing the LSP to
signal along the specified path. You will decide which path the LSP will traverse. The
only criteria for this task is that you must have at least one strict hop and one loose
hop defined for the path. The example below is from the perspective of the local PE
router. The path example will have a strict hop requirement of the router and a
loose hop requirement of the router. This path was chosen for demonstration
purposes only—you might choose to engineer your LSP path differently.
Step 3.1
Enter into configuration mode and edit to the
hierarchy. Create a path named my-ER0 and configure the strict and loose hops you
want the LSP path to signal along.
Step 3.2
Apply the ERO you just created as the path used by the LSP you
configured in Part 2. If you do not remember what the LSP name was, you can use
the question mark option to display the LSPs that are configured on the router.
Review the configuration changes before committing and exiting to operational
mode.
Step 3.3
Verify the status of your LSP using the show mpls lsp ingress command.
Question: What is the state of your LSP?
Question: What is the active path being used?
Step 3.4
Review the output displayed from the show mpls lsp ingress detail
command to verify the LSP is following the path you created.
Question: Does the reflect the path you

specified?

Junos MPLS and VPNs
Part 4: Configuring LDP
In this lab part, you will deactivate RSVP and add LDP to your network setup. Then
you will verify that traffic will transit the network using the LDP LSP.
Step 4.1
Enter into configuration mode and deactivate RSVP. Commit the configuration
change.
Step 4.2
Navigate to the hierarchy and add the
statement. As good practice, remember to disable the management interface.
After making the configuration changes commit and exit to operation mode for
verification.
Step 4.3
Verify the proper interfaces are participating in LDP by issuing the command show
ldp interface.
Question: Do you see the correct interfaces?
Step 4.4
Verify the status of the LSP by issuing the show ldp session command.
Question: What is the status of the connection?
Step 4.5
Verify traffic that is destined to the remote CE router’s loopback will use the LSP by
issuing the show route remote-ce-loopback-address command.
Question: Will traffic destined for the remote CE get

forwarded using an LSP?
Step 4.6
Verify the remote CE router’s loopback is reachable from your local CE router by
sending five ICMP packets.

Junos MPLS and VPNs
Question: Were the pings successful?
Step 4.7
Verify these ICMP packets traversed the LSP by displaying the traffic statistics for
the LSP.
Question: Did the ICMP packet traverse the LDP

LSPs?
STOP Do not proceed until the remote team finishes Part 4
Part 5: Changing the Default Route Preference
In this lab part, your network will be running both RSVP and LDP to signal LSPs. All
traffic destined for the remote CE router must use the LDP LSPs. You will use
protocol preference to manipulate the LSP that is chosen as the next hop.
Step 5.1
Enter into configuration mode and re-activate the RSVP protocol. Commit the
configuration changes.
Step 5.2
Review the routing table to determine what route is being used to carry traffic to the
remote CE network. Please note that the route might not change right away. It can
take a few moments to update the routing table.
Question: What protocol is being used to carry the

traffic to remote CE router?
Question: What table can you look at to see the

preference values of RSVP and LDP?

Junos MPLS and VPNs
Step 5.3
Review the routes being used in the routing table inet.3 by issuing the run show
route table inet.3 remote-pe-loopback-address command.
Question: How can we make the LDP route more

preferred than the RSVP route?
Step 5.4
Lower the preference of the LDP protocol to be one lower than RSVP. You can
accomplish this by issuing the set protocols ldp preference 6 command.
Commit your changes and return to operational mode.
Step 5.5
After the commit has finished, review the route to the remote PE router in the
routing table to ensure LDP will be used for traffic to the CE network.
Question: What protocol is now the more preferred

protocol for traffic destined to the remote PE ?
Step 5.6
View the route to the remote CE to determine which type of LSP will be used to
forward traffic to the remote CE.
Question: What type of LSP will be used to reach the

remote CE from the local PE?
Note
It is perfectly acceptable in our situation to
make all LDP routes more preferred than
RSVP routes. However, this might not
always be the case. You can increase the
route preference on RSVP routes on each
label-switched-path, which allows you to
alter the preference on a more granular
level than LDP.

Junos MPLS and VPNs
Step 5.7

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Lab
CSPF
Overview
In this lab, you create a baseline multiprotocol label switching (MPLS) network and then
create label switched paths (LSPs) using administrative groups as a constraint for
constrained shortest path first (CSPF).
The lab is available in two formats: a high-level format that is designed to make you think
through each step and a detailed format that offers step-by-step instructions complete
with sample output from most commands.
• Create a baseline network.
• Define three Resource Reservation Protocol (RSVP) signaled LSPs to the
remote provider edge (PE) router.
• Create and assign administrative groups to interfaces and define an LSP using
administrative groups as a routing constraint.
• Analyze the traffic engineering database (TED).
www.juniper.net CSPF • Lab 3–1

Junos MPLS and VPNs
Part 1: Creating the Baseline Network
In this lab part, you will create the baseline network for the lab. You will load a
baseline configuration which will configure your router’s interfaces, Open Shortest
Path First (OSPF) topology, and the Internal Border Gateway Protocol (IBGP) peering
session between the two PE routers. You will then enable RSVP and MPLS on the
core-facing interfaces.
Note
device.
Step 1.1
necessary.
Step 1.2

Step 1.3
Lab 3–2 • CSPF www.juniper.net

Junos MPLS and VPNs
Step 1.4
jmv/lab3-start.config. Commit the configuration and return to operational
mode.
Step 1.5
operational.

neighbors?
Step 1.6
Verify that your PE router has established an IBGP neighbor relationship with the
remote PE router.
Question: Is the neighbor relationship in the

established state with the remote PE router?
Step 1.7
hierarchy. Configure the core facing interfaces to allow multiprotocol label switching
(MPLS) traffic.
Step 1.8
Step 1.9
Commit the configuration changes and review the interfaces that are participating in
MPLS to ensure we have the proper configuration by executing the run show
mpls interface command.
Step 1.10
Navigate to the hierarchy. Add the appropriate core
facing interfaces manually. Remember that you must specify the correct unit
number when adding interfaces to any protocol configuration. The default Junos OS
behavior is to assume if no unit is specified. Review the configuration
before committing to ensure the interfaces are correct.

Junos MPLS and VPNs
Note
It is perfectly acceptable to use the
interface all option when adding the
interfaces into RSVP. For this lab, however,
we ask that you explicitly identify the
interfaces to demonstrate the importance
of including the correct unit number when
manually configuring particular interfaces.
Step 1.11
Using show commands, verify that the MPLS and RSVP are configured correctly on
the core-facing interfaces.
Question: Can your core-facing interfaces now

support the transmission of MPLS packets?
Part 2: Enabling the TED
By default, the Junos operating system does not support the flooding the Opaque
LSAs used to build the TED. This feature must be enabled on every router in the
OSPF network. In this lab part, you will enable the TED and verify its operation.
Step 2.1
View the OSPF database and determine what types of link state advertisements
(LSAs) are currently being flooded in the network.
Question: What types of LSAs are being flooded in

the OSPF domain?
Question: Is your router generating an OpaqArea

LSA?
Step 2.2
View the TED and determine whether or not your router is using the LSAs
to build a TED.

Junos MPLS and VPNs
Question: Does your router have a TED available for
CSPF calculations?
Step 2.3
Enter configuration mode and navigate to the
hierarchy and enable traffic-engineering so that your router will flood its own
LSA and use these LSA types to build and use the TED for CSPF
calculations. Commit your configuration and exit to operational mode to determine if
your router is using the TED.
Step 2.4
Issue the show ospf database command and determine if you router is now
generating LSA s.
Question: Is your router generating an

LSA?
Step 2.5
Issue the show ted database command to determine if your router is using the
LSAs to build a TED database.
Question: Does your router have a TED available for

CSPF calculations?
Step 2.6
View the TED and determine the colors (administrative groups) that have been
assigned to your PE router local interfaces.
Question: Have any colors been assigned to your PE

router’s core-facing interfaces?
Part 3: Configuring RSVP-Signaled LSPs
In this lab part, you will configure gold, silver, and bronze RSVP-signaled LSPs.
Junos MPLS and VPNs
Step 3.1
hierarchy. Configure an RSVP-signaled LSP named
lsp-gold-localPE-to-remotePE-pod. For example, if you are assigned
router mxB-1, your peer router is mxB-2 and your pod is B. The LSP for mxB-1 should
be named lsp-gold-pe1-to-pe2-B. Your LSP should egress at your remote
peer’s loopback address. Create and a use a path called path1 to ensure that this
LSP traverses P2 as a loose hop.
Step 3.2
Configure an RSVP-signaled LSP named
lsp-silver-localPE-to-remotePE-pod. For example, if you are assigned
be named lsp-silver-pe1-to-pe2-B. Your LSP should egress at your remote
peer’s loopback address. Use the path called path1 to ensure that this LSP
traverses P2 as a loose hop.
Step 3.3
Configure an RSVP-signaled LSP named
lsp-bronze-localPE-to-remotePE-pod. For example, if you are assigned
be named lsp-bronze-pe1-to-pe2-B. Your LSP should egress at your remote
peer’s loopback address. Use the path called path1 to ensure that this LSP
traverses P2 as a loose hop. Commit your configuration and exit to operational
mode.
Step 3.4
Using the show rsvp session extensive ingress command, verify that
the new LSPs are up and are currently traversing P2.
Question: Are all three LSPs up?
Question: What path are each of the LSPs taking

through the network? List the routers that the LSPs
traverse.
Part 4: Adding Administrative Groups to Core-Facing Interfaces
In this lab part, you will add administrative groups to your core-facing interfaces.
Refer to the lab diagram to determine the administrative groups to be applied to the
interfaces. The P router interfaces have been preconfigured with the administrative
groups listed on the diagram.

Junos MPLS and VPNs
Step 4.1
Enter configuration mode and navigate to the hierarchy.
Define an administrative group called gold that uses a value of 1.
Step 4.2
Define an administrative group called silver that uses a value of 2.
Step 4.3
Define an administrative group called bronze that uses a value of 3.
Step 4.4
Apply the administrative groups (as listed in the lab diagram) to the core-facing
interfaces. Commit your configuration and exit to operational mode.
Step 4.5
Use the show mpls interface command to verify that the correct
administrative groups have been applied to your interfaces.
Question: What administrative group have been

applied to the interfaces?
Step 4.6
View the TED and determine whether your router is advertising the correct colors
(administrative groups) to all other routers in the network.
Question: Is your router advertising the correct color

settings to other routers in the network?
Part 5: Configuring LSPs to Take Gold, Silver, and Bronze Paths Using CSPF
In this lab part, you will modify the configuration of your LSPs so that they will take a
particular path through the network. By specifying the administrative groups to
include in the CSPF algorithm, the gold LSP will take the gold path, the silver LSP will
take the silver path, and the bronze LSP will take the bronze path through the
network.

Junos MPLS and VPNs
Step 5.1
hierarchy, Modify the primary path for the gold LSP so that it takes only the gold path
through the lab network, ensuring that it continues to pass through P2.
Step 5.2
Modify the primary path for the silver LSP so that it takes only the silver path through
the lab network ensuring that it continues to pass through P2.
Step 5.3
Modify the primary path for the bronze LSP so that it takes only the bronze path
through the lab network ensuring that it continues to pass through P2. Commit your
configuration and exit to operational mode.
Step 5.4
Use the show rsvp session ingress detail command to verify that each
LSP is traversing the correct, colored path as well as passing through P2.
Question: List the routers that the gold LSP

traverses. Does it traverse the expected path?
Question: List the routers that the silver LSP

Question: List the routers that the bronze LSP

Step 5.5

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Lab
Traffic Protection
Overview
In this lab, you will load a baseline multiprotocol label switching (MPLS) network and then
create label switched paths (LSPs) using different traffic protection mechanisms.
• Load a baseline network.
• Define an Resource Reservation Protocol (RSVP) signaled LSP to the remote
provider edge (PE) router.
• Add primary/secondary path protection to an LSP.
• Add secondary/secondary path protection to an LSP.
• Add fast-reroute protection to an LSP.
• Add node-link protection to an LSP.
• Add link protection to an LSP.
www.juniper.net Traffic Protection • Lab 4–1

Junos MPLS and VPNs
baseline configuration which will configure your router’s interfaces, Open Shortest
Path First (OSPF) topology, and the Internal Border Gateway Protocol (IBGP) peering
session between the two PE routers. The configuration will also enable RSVP and
MPLS on the core-facing interfaces. Please refer to the lab diagram titled “Traffic
Protection Lab”.
Note
device.
Step 1.1
necessary.
Step 1.2

Step 1.3
Lab 4–2 • Traffic Protection www.juniper.net

Junos MPLS and VPNs
Step 1.4
mode.
Step 1.5
operational.

neighbors?
Step 1.6
remote PE router.

Step 1.7

Part 2: Redistributing Routes into BGP
In this lab part, each PE router will be configured for a static route. You will then
redistribute that static route into BGP using policy. Review the lab diagram to verify
the static route.
Step 2.1
hierarchy. Configure the static route associated with your PE. Configure a next hop of
reject for that route.

Junos MPLS and VPNs
Step 2.2
Navigate to the hierarchy and configure a routing
policy called statics to redistribute the static route into BGP.
Step 2.3
Navigate to the hierarchy and apply the policy as an
export policy to the remote PE neighbor. Commit your configuration and exit to
operation mode.
Step 2.4
Using the show route advertising-protocol bgp command, verify that
you are sending a route to your remote PE neighbor.
Question: Is your router advertising the route to the

remote PE router?
Step 2.5
Using the show route receive-protocol bgp command, verify that you are
receiving a route from your remote PE neighbor.
Question: Is your router receiving the route from the

remote PE router?

Junos MPLS and VPNs
Part 3: Creating an LSP to the Remote PE
In this lab part, you will create an RSVP-signaled LSP from your PE to the remote PE.
The second router along the path of the LSP must be either P1 (for ingress router
PE1) or P3 (for ingress router PE2). You will specify a strict hop of the provider
router’s connecting interface. Refer to the lab diagram titled “Traffic Protection Lab”
to determine the path of your LSP.
Step 3.1
hierarchy. Create a path for your LSP named strict-first-hop using the hops
listed in the following table:
Ingress PE Strict Hop Loose Hop

mxA-1 172.22.210.2 193.168.5.6
mxA-2 172.22.212.2 193.168.5.4
mxB-1 172.22.220.2 193.168.5.6
mxB-2 172.22.222.2 193.168.5.4
mxC-1 172.22.230.2 193.168.5.6
mxC-2 172.22.232.2 193.168.5.4
mxD-1 172.22.240.2 193.168.5.6
mxD-2 172.22.242.2 193.168.5.4
Step 3.2
Configure an LSP named localPE-to-remotePE-pod to the remote PE with a
primary path using the path you created in the previous step. For example, if you are
assigned router mxB-1, your peer router is mxB-2 and your pod is B. The LSP for
mxB-1 should be named pe1-to-pe2-B. Your LSP should egress at your remote
peer’s loopback address. Modify the LSP with the command. Commit your
configuration and exit configuration mode and verify that your LSP is up.
Step 3.3
Verify that the new LSP is up and is currently traversing the correct downstream
P routers.
Question: Is the new LSP up?
Question: What path is the LSPs taking through the

network? List the routers that the LSPs traverse.

Junos MPLS and VPNs
Step 3.4
Enter configuration mode and disable the interface on your PE router that is being
used by the primary path of the LSP. Commit your configuration.
Step 3.5
Verify the status of the LSP.
Question: What happens to the status of the LSP

while the interface is disabled?
Step 3.6
Enable the interface on your PE router that is being used by the primary path of the
LSP. Commit your configuration.
Step 3.7
Verify that the LSP is up using the run show rsvp session ingress
command.

when the interface is enabled?
Part 4: Configuring a Secondary Path for Added Protection
In this lab part, you will configure a secondary path for the LSP to add traffic
protection to the LSP.
Step 4.1
Navigate to the hierarchy. Create a secondary path
called any-path that lists no hops. That is, this path should make it as easy as
possible for the network to build a secondary path.
Step 4.2
To provide traffic protection to the existing LSP, apply the path created in the
previous step as a secondary path for the LSP. Commit your configuration and exit
configuration mode.
Step 4.3
Verify that the new LSP is up and is currently traversing the correct next-hop P router.

Junos MPLS and VPNs
Question: Is the secondary path in an up state? Why
or why not?
Step 4.4
Step 4.5
Verify the status of the LSP.

Step 4.6
LSP. Commit your configuration and exit to operational mode.
Step 4.7
Use the show mpls lsp extensive command to verify the status of the LSP.
Question: Which path is being used by the LSP

immediately after enabling the interface? Why?
Part 5: Configuring Secondary Standby Protection
In this lab part, you will configure a secondary path that will be on hot standby for
the LSP to add even more traffic protection to the LSP.
Step 5.1
hierarchy. To provide slightly more traffic protection to the existing LSP, apply the
any-path path as a standby secondary path for the LSP. Commit your
configuration and exit configuration mode and verify that your LSP is up.
Step 5.2
Use the show mpls lsp ingress extensive command to verify that the new
LSP is up using the primary path. Also, verify that the secondary path is up in a
standby state.

Junos MPLS and VPNs
Question: Is the primary path up? Secondary?
Question: What path is the secondary path taking

through the network? List the routers that the LSPs
traverse.
Step 5.3
Enter configuration mode and disable the interface on your PE that is being used by
the primary path of the LSP. Commit your configuration.
Step 5.4
Verify the status of the LSP using the run show mpls lsp ingress
extensive command.

Step 5.5
Step 5.6
Use the show mpls lsp ingress extensive command to verify the status of
the LSP.
Question: What path is being used by the LSP

Step 5.7
After the LSP has reverted to the primary path, view the forwarding table to see the
next hop of the BGP route being advertised by the remote PE router.

Junos MPLS and VPNs
Question: How many next hops are associated with
the received BGP route?
Question: When using a standby secondary LSP, a

very short time exists when traffic cannot be
forwarded through the secondary path at the
moment of primary failure. The cause of this short
delay is the time it takes to install the new next hop
in the forwarding table of the PFE. Can you shorten
this delay? How?
Step 5.8
hierarchy. Create a load balancing policy called load-balance that performs load
balancing on all prefixes.
Step 5.9
Navigate to the hierarchy. Apply the
load-balance policy as an export policy to the forwarding table. Commit your
Step 5.10
View the forwarding table to see the next hop of the BGP route being advertised by
the remote PE router.

the received BGP route?
Part 6: Examining a Secondary/Secondary Protected LSP
In this lab part, you will familiarize yourself with the behavior of an LSP with no
primary path. Instead, the LSP will have two secondary paths.
Step 6.1
Enter configuration mode navigate to the hierarchy.
Delete the LSP from the previous sections of the lab.

Junos MPLS and VPNs
Step 6.2
Create a LSP named localPE-to-remotePE-pod to the remote PE.
For example, if you are assigned router mxB-1, your peer router is mxB-2 and your
pod is B. The LSP for mxB-1 should be named pe1-to-pe2-B. Your LSP should
egress at your remote peer’s loopback address. The LSP should have two secondary
paths. The first secondary path uses the strict-first-hop path and the next
uses the any-path path. Order is important!!! Commit your configuration and exit
to operational mode.
Step 6.3
the LSP.
Question: Which secondary path is being used by

the LSP?
Step 6.4
Enter configuration mode and disable the interface on your PE that is being used by
the primary path of the LSP. Commit your configuration.
Step 6.5
Use the run show mpls lsp ingress extensive command to verify the
status of the LSP.

Step 6.6
Enable the interface on your PE that is used by the primary path of the LSP. Commit
your configuration and exit to operational mode.
Step 6.7
the LSP.
Question: Which path is used by the LSP


Junos MPLS and VPNs
Part 7: Examining a Fast-Reroute Protected LSP
In this lab part, you will become familiar with an LSP that is protected by fast-reroute.
Step 7.1
Step 7.2
Create an no-cspf LSP named localPE-to-remotePE-pod to the remote PE.
For example, if you are assigned router mxB-1, your peer router is mxB-2 and your
pod is B. The LSP for mxB-1 should be named pe1-to-pe2-B. Your LSP should
egress at your remote peer’s loopback address. The LSP should have fast-reroute
enabled. The LSP should have a primary path using the strict-first-hop path.
Commit your configuration and exit to operational mode.
Step 7.3
Use the show rsvp session ingress detail command to verify the status
of the LSP.
Question: Has the PE router signaled to the

downstream routers that fast-reroute is desired?
Question: Has your PE router signaled a detour path

around the immediate downstream node? If so,
what is the path of the detour?
Step 7.4
Step 7.5
Use the run show mpls lsp ingress extensive command to verify the
status of the LSP.

Step 7.6

Junos MPLS and VPNs
Step 7.7
of the LSP.
Question: Which path is used by the LSP

Part 8: Examining Link and Node-Link Protected RSVP LSPs
In this lab part, you will become familiar with an RSVP LSP that is protected by link
and node-link protection.
Step 8.1
Step 8.2
Create an no-cspf LSP named localPE-to-remotePE-pod to the remote PE
router with node-link protection enabled. The LSP should have a primary path using
the strict-first-hop path.
Step 8.3
In the previous part of the lab, you found that the fast-reroute feature allowed the
ingress PE to signal to all downstream routers that they must build detour paths
around the immediate downstream node. In the case of fast-reroute, no special
configuration was needed on any downstream router to build detour paths. In the
case of link and node-link protection, you must specify each individual link within
your network topology that can be protected.
Navigate to the hierarchy and configure the
ge-1/0/0.unit interface to allow link protection capabilities. Commit your
Step 8.4
of the LSP.
Question: Is the bypass LSP up?
Question: Does the bypass LSP provide protection

for the failure of the P router that is directly
connected to your PE router through the ge-1/0/0
link?

Junos MPLS and VPNs
Step 8.5
Modify your LSP to provide link protection.
Step 8.6
View your MPLS configuration and verify that link protection is configured. Commit
Question: Looking at your configuration, are both

link and node-link protection configured for your
LSP?
Step 8.7
of the LSP.
Question: Is the bypass LSP up?
Question: Does the bypass LSP provide protection

for the failure of the ge-1/0/0 link?
Step 8.8 (Optional)

Enter configuration mode and disable the interface on your PE router that is used by
the primary path of the LSP. Commit your configuration and exit to operational
mode. Verify that protection occurs using the methods learned in this lab.
Part 9: Configuring LDP Link Protection
In this lab part, you will become familiar with an LDP LSP that is protected by link
and protection.
Step 9.1
Step 9.2
Navigate to the and enable LDP on every interface.
Step 9.3
Use the show ldp interfaces command to determine if LDP has been
enabled.

Junos MPLS and VPNs
Question: Does your router have any LDP
neighbors? What interfaces?
Step 9.4
Use the show route 193.168/16 command to view the routes to the loopback
address of all routers in the topology.
Question: Do you notice anything similar about the

OSPF learned routes and the LDP learned routes?

each route?
Step 9.5
Navigate to the hierarchy. On the unit
interface, apply link protection. Commit your configuration.
Step 9.6
Question: How did the routing tables change by

adding link protection to the OSPF interface?
Question: Why did the next hops change for the LDP
routes when link protection was only configured
under OSPF?
Question: For the LDP routes, what type of LSP is

being used to protect the interface?
Step 9.7
Navigate to the hierarchy. Configure a path called
avoid-top that ensure that an LSP will not traverse the ge-1/0/0 interface.
Step 9.8
Configure a RSVP LSP called protect that terminates on the P router
attached to your ge-1/0/0 interface. Apply the avoid-top path to the LSP. Also,
ensure that it can be used as a backup path for both OSPF routes and LDP routes by
configuring and .

Junos MPLS and VPNs
Step 9.9
Issue the show mpls lsp command to verify the status of the RSVP LSP.
Question: Is the RSVP LSP in the up state?
Step 9.10
Question: How did the routing tables change by

adding the RSVP LSP?
Question: Did the next hops for route to the remote

PE change? Why?
Question: For the LDP routes, what type of LSP is

being used to protect the interface?
Step 9.11

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Lab
Fate Sharing
Overview
In this lab, you will load a baseline multiprotocol label switching (MPLS) network. You will
analyze the default fate sharing behavior of your Juniper router. You will then configure
fate sharing so that you can avoid a single point of failure between the primary and
secondary paths of an MPLS label switched path (LSP). Next, you will enable Shared Risk
Link Group (SRLG) values in the network such the IGP can help improve the Junos
operating system’s default fate sharing behavior. Finally, you will repurpose a set of SRLG
values for use as extended admin groups.
• Load a baseline network.
• Define an Resource Reservation Protocol (RSVP) signaled LSP to the remote
provider edge (PE) router.
• Add primary/secondary path protection to an LSP.
• Analyze the default fate sharing behavior of you Juniper routers.
• Modify the fate sharing behavior of you Juniper router.
• Enable and analyze the use of SRLG values.
• Enable extended admin groups to be used for signaling MPLS LSPs.
www.juniper.net Fate Sharing • Lab 5–1

Junos MPLS and VPNs
baseline configuration which will configure your router’s interfaces, six logical
systems that represent the core network (p1, p2, p3, p4, pe2, and VS), and the
Open Shortest Path First (OSPF) topology. Since the core network is already
configured for you, you will only be responsible for configure pe1 (the default logical
system). The loaded configuration will also enable RSVP and MPLS on the
core-facing interfaces of the pe1 router.
Note
device.
Step 1.1
necessary.
Step 1.2

Step 1.3
Lab 5–2 • Fate Sharing www.juniper.net

Junos MPLS and VPNs
Step 1.4
mode.
Step 1.5
operational.

neighbors?
Step 1.6
Use the show route command to verify that your PE router has learned routes to
the loopback address of all of the core routers in the network.
Question: Has your PE router learned a route to

each of the core routers’ loopback addresses?
Question: From your pe1’s perspective what is the

best path to take to get to pe2? Describe that path.
Step 1.7


Junos MPLS and VPNs
Part 2: Creating an LSP to the Remote PE
In this lab part, you will create an RSVP-signaled LSP from pe1 to pe2. You will
create two empty paths (no EROs or admin groups) called path1 and path2. You
will apply path1 as the primary path of your LSP and path2 as the secondary path
of your LSP while ensuring that the secondary LSP is in standby mode.
Step 2.1
hierarchy. Create two empty paths called path1 and path2.
Step 2.2
Configure an LSP named lsp1 from pe1 to pe2 with a primary path of path1 and a
secondary path of path2. Ensure the secondary path is on standby. Your LSP
should egress at pe2’s loopback address.
Step 2.3
Enable traceoptions for MPLS by configuring a file name cspf-trace.log and
specify the flags of , , and . Commit your
Step 2.4
Issue the show rsvp session ingress detail command to verify that the
new LSPs are up and also determine the path that they are taking.
Question: Are the new LSPs up?
Question: What path are the LSPs taking through

the network?
Question: Do the two LSPs have a potential single

point of failure?
Question: Why do you think that the primary and

secondary LSPs do not take the exact same path?

Junos MPLS and VPNs
Question: Why does the secondary path not take
the pe1-p1-p4-pe2 links?
Step 2.5
Issue the clear log cspf-trace.log command to empty the contents of the
log file.
Step 2.6
Clear the MPLS LSP and determine the path of the resignaled primary and
secondary LSPs.
Step 2.7
new LSPs are up and also determine the path that they are taking. It might take 30
seconds for the secondary to get to the up state.

the network?
Step 2.8
View the cspf-trace.log file to view the CSPF calculation of the secondary LSP.
Question: Can you tell from the log file as to why the
primary and secondary LSPs do not take the exact
same path?
Part 3: Configuring Fate Sharing
In this lab part, you will configure fate sharing so that the ingress router can attempt
to avoid the single point of failure (the Ethernet switch) when signaling the
secondary LSP.

Junos MPLS and VPNs
Step 3.1
hierarchy. Configure a fate sharing group called switch. Configure fate sharing for
that group such that a cost of 20000 will be added to all links associated with the
Ethernet switch (in the event that the primary traverses the switch) prior to
calculating the path of the secondary LSP. Commit your configuration and exit to
operational mode.
Step 3.2
log file.
Step 3.3
secondary LSPs.
Step 3.4
new LSPs are up and also determine the path that they are taking. It may take 30

the network?
Question: Has the single point of failure (Ethernet

switch) been avoided by the secondary path of the
LSP?
Step 3.5
Question: During the CSPF calculation of the

secondary path, what is the CSPF metric being used
for the pe1-p2 link as well as the pe1-p3 link?

Junos MPLS and VPNs
Part 4: Configuring SRLGs
In this lab part, you will configure an SRLG so that the ingress router can attempt to
avoid the single point of failure (the Ethernet switch) when signaling the secondary
LSP. Use the diagram labeled “Fate Sharing Lab - Part 4” for this part of the lab.
Step 4.1
hierarchy. Delete the entire configuration hierarchy at that level.
Step 4.2
Configure an SRLG called switch1. This SRLG should have a SRLG value of 1003
and an SRLG cost of 20000.
Step 4.3
Navigate to the hierarchy. Apply the switch1 SRLG
to the two ge-1/0/5 subinterfaces that attach to the Ethernet switch. Commit your
Step 4.4
log file.
Step 4.5
secondary LSPs.
Step 4.6
new LSPs are up and also determine the path that they are taking. It may take 30

the network?
Question: Has the single point of failure (Ethernet

switch) been avoided by the secondary path of the
LSP?
Step 4.7
Junos MPLS and VPNs
Question: During the CSPF calculation of the
secondary path, what is the CSPF metric being used
for the pe1-p2 link as well as the pe1-p3 link?
Step 4.8
Issue to the show mpls lsp extensive command to determine the SRLGs that
each path is currently traversing.
Question: What SRLGs are the primary path

traversing?
Question: What SRLGs are the secondary path

traversing?
Question: What could explain the reason why your

are seeing unknown SRLG values?
Part 5: Configuring Extended Admin Groups
In this lab part, you will repurpose 100 SRLG values so that they can be used as
extended admin groups. You will then configure an LSP that will traverse links that
have been colored with extended admin groups.
Step 5.1
hierarchy. Configure the extended admin group range to be from 100 to 900.
Step 5.2
Configure 3 extended admin group called gold (value 100), silver (value 101),
and bronze (value 102).
Step 5.3
Navigate to the hierarchy and apply (color) the
appropriate extended groups to your core facing interfaces.

Junos MPLS and VPNs
Step 5.4
Navigate to the
lsp-bronze and configure an MPLS LSP named lsp-bronze. Ensure that it
uses path1 as its primary path and that the LSP will only traverse links that are
colored with the bronze extended admin group. The LSP should egress at the pe2
router. Commit your configuration and exit to operational mode.
Step 5.5
Issue the show mpls interface command to verify that the extended admin
groups have been applied properly to the pe1 router’s interfaces.
Question: Have the extended admin group been

applied correctly to the pe1 router’s interfaces?
Step 5.6
Issue to the show mpls lsp extensive name lsp-bronze command to
determine the SRLGs that each path is currently traversing.
Question: What path is the lsp-bronze LSP taking to

reach the pe2 router
Step 5.7

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Lab
Miscellaneous MPLS Features
Overview
This lab demonstrates configuration and monitoring of miscellaneous Resource
Reservation Protocol (RSVP) and Label Distribution Protocol (LDP) features on routers
running the Junos operating system. In this lab, you use the command-line interface (CLI)
to configure and monitor RSVP label-switched paths (LSPs) and enable miscellaneous
features.
• Configure an RSVP LSP to install a route in .
• Configure multiprotocol label switching (MPLS) traffic engineering to install a
route in .
• Use policy to control LSP selection.
• Use metrics to control LSP selection.
• Configure the network to not decrement time-to-live (TTL).
• Configure a router to signal explicit null.
• Configure a router to automatically adjust the RSVP reservation based on
observed bandwidth.
• Use MPLS pings to monitor connectivity.
www.juniper.net Miscellaneous MPLS Features • Lab 6–1

Junos MPLS and VPNs
Part 1: Configuring the Baseline Network
In this lab part, you will load a configuration that will automatically configure the
interfaces and networks needed to establish an internal BGP (IBGP) peering
between your provider edge (PE) router and the remote PE router. The loaded
configuration will also enable RSVP and MPLS on the core-facing interfaces. After
loading the configuration, you will configure an LSP to traverse the network to
terminate at the remote provider edge (PE) router.
Note
device.
Step 1.1
necessary.
Step 1.2

Step 1.3
Lab 6–2 • Miscellaneous MPLS Features www.juniper.net

Junos MPLS and VPNs
Step 1.4
mode.
Step 1.5
operational.

neighbors?
Step 1.6
remote PE router.

Step 1.7

Step 1.8
Add the configuration for creating a RSVP LSP to the remote PE router. Navigate to
the hierarchy and create a LSP named
Verify the configuration looks correct. Commit and exit to operation mode when you
are satisfied with the changes.
Step 1.9
Verify the status of your recently configured LSP reviewing the information displayed
by issuing the show mpls lsp command.

Junos MPLS and VPNs
Question: How many LSPs are reflected in the
output and what are the terminating points?
Part 2: Configuring a RSVP LSP to Install a Route in the inet.0 Table
In this lab part, you will add another interface to the OSPF network. Including the
new interface in OSPF will allow you to establish reachability for the remote team.
After establishing reachability, you will configure the router to install the remote
team’s route as a destination that will use the established LSP for all traffic to the
new network.
Step 2.1
hierarchy and add the new interface to the existing configuration as a
interface. We are adding the interface as because we are
adding the interface for demonstrative purposes and will not be establishing a
neighbor relationship on that interface. After you are satisfied with the changes,
commit and exit to operational mode.
Step 2.2
Use the show ospf interface command to verify the new interface is
participating in your OSPF network.
Question: Does the ge-1/0/4 interface appear as

an OSPF interface in the output of the command?
Step 2.3
Verify with your remote team that they have completed the previous task. Once they
have completed these steps, you will verify that you are receiving the new remote
network as an OSPF route.
Question: Do you have the remote network in your

routing table?

Junos MPLS and VPNs
Step 2.4
localPE remotePE pod hierarchy. Using the
statement, add the remote network to your routing table.
Commit your changes.
Step 2.5
Verify that the route has been added to the routing table and points to the
correct LSP.
Question: Do you see the route in your

routing table?
Step 2.6
View the new route to determine if your router is using the OSPF route or the RSVP
route for internal traffic. Remember that only BGP traffic can use the contents of the
routing table to resolve the BGP next hop and internal IPv4 traffic will only
use the next hop found in the routing table.
Question: Is your internal traffic going to use the

OSPF route or the RSVP route?
Step 2.7
Include the RSVP route in the routing table, so that internal traffic can also
use the LSP. Include this route by adding the option to the route you
installed under the LSP. After adding this option, commit your configuration,
Step 2.8
Verify that you can now see the RSVP route in your routing table.
Question: Do you see the RSVP route in your

routing table?
Question: Which route will be used when resolving

internal traffic?
Question: Which route will be used when resolving

external traffic (BGP) next hops?

Junos MPLS and VPNs
Part 3: Configuring MPLS Traffic Engineering to Install an inet.0 Route
In this lab part, you will configure MPLS traffic engineering to move routes from
into the routing table for both BGP and internal gateway protocol
(IGP) routes. You will then use the utility to verify that the traffic is
using the LSP for internal traffic.
Step 3.1
Remove the active option from the installed route. Review your configuration change
before proceeding. When you are satisfied with the change, issue a commit and exit
Step 3.2
Verify that you no longer have the RSVP route in your routing table.
Question: Which protocol is being used in the

routing table?
Step 3.3
hierarchy and enable traffic engineering to move routes from into the
routing table for both BGP and IGP routes. Commit your configuration
changes and exit out of configuration mode.
Step 3.4
Verify that your route table contains the RSVP route to the remote network
specified to use the LSP.
Step 3.5
Using the traceroute utility verify that internal traffic will use the LSP when sending
traffic to the remote network (use the address on the remote PE router’s ge-1/0/4
interface as a destination).
Question: Does your traceroute complete?
Question: Do you see MPLS label values associated

with the traceroute responses?

Junos MPLS and VPNs
Part 4: Using Policy to Control LSP Selection
In this lab part, you will use policy to control which LSP certain traffic traverses. You
will begin by disabling the extra interface from OSPF that was added in Part 2. You
will create two new LSPs that take different paths through the core network. You will
then create two static routes and export these routes to your BGP peer. Finally, you
will create and apply a policy to send traffic destined to the two routes—received
from your neighbor—down separate LSPs.
Step 4.1
Enter into configuration mode and begin by removing the ge-1/0/4 interface that we
added to OSPF area 0 in Part 2. You only need to remove this interface from your
OSPF configuration.
Step 4.2
Navigate to the hierarchy and delete the existing label
switched path and traffic engineering configuration.
Step 4.3
Create two paths named one and two. Specify the different loose hops that each
LSP path should signal along. Path one should traverse the top of the network using
the P1, P2, and P3 routers. Path two should traverse the bottom using P4, P5, and
P6 routers.
Step 4.4
Create two label switched paths named lsp-1 and lsp-2. Apply path one to
lsp-1 as the primary path and apply path two to lsp-2 as the primary path. Both
LSPs should terminate at the remote PE router’s loopback. Before committing your
configuration changes, review the changes. After you are satisfied with the changes
commit and exit to operational mode.
Step 4.5
Using the show mpls lsp extensive ingress command, verify that your
LSPs are established and traversing the core network as expected based on your
explicit paths.
Question: Are your LSPs in an state?
Question: Do your LSPs traverse the core network

as expected?

Junos MPLS and VPNs
Step 4.6
Enter into configuration mode, navigate to the
hierarchy, and define the static routes outlined on the network diagram for the
device you are configuring.
Step 4.7
Navigate to the
hierarchy. Create a policy named export-static that will
export these routes to your internal BGP (IBGP) peer.
Step 4.8
Apply the new policy as an export policy to your IBGP group. Commit your
configuration changes and exit to operational mode.
Step 4.9
Verify that your router is now sending these routes to your neighbor and that you are
receiving the remote static prefixes from the remote peer.
Question: To which LSPs do the routes you received

from your neighbor point as next hops?
Step 4.10
Enter into configuration mode and create a policy named lsp-policy. Create a
term named lsp-1. Under this term you will match the first BGP prefix received
from your peer and change the next-hop to your LSP named lsp-1. You will accept
this route. Then, you will create a second term named lsp-2, which will match on
the second BGP route and change the next-hop to lsp-2. This route also needs to
have the accept action.
Step 4.11
Navigate to the hierarchy and apply the policy
lsp-policy as an export policy to the forwarding table. After applying the policy,
commit your changes and exit to operational mode.
Step 4.12
Verify that the next hop for each of the remote BGP routes point to the correct LSP as
defined in your policy.
Question: Do you see the correct LSP selected as

the next hop for each of your BGP routes?

Junos MPLS and VPNs
Part 5: Using LSP Metric to Control LSP Selection
In this lab part, you will configure the router to use metrics to control LSP selection.
You will begin by removing the policy you created in the Part 4. You must also
remove the export policy applied to the forwarding table. You will look at the current
state of the BGP routes and determined the metric value calculated from the IGP for
each of the RSVP routes. You will then manually set the metric on one of the LSPs to
be higher than the IGP calculated value. You will then verify the changes and review
the changes to the routing table.
Step 5.1
Enter into configuration mode and remove the policy you created in Part 4. You must
also remove the export policy applied to the forwarding table because it is no longer
defined. Commit your changes when you are ready to proceed.
Step 5.2
Use the show route protocol bgp command to review the current status of
your BGP routes received from your peer.

each of the BGP routes? Why?
Step 5.3
Review the RSVP routes in inet.3 to determine what metric is being calculated by the
IGP. This status review provides the current values so that when you manually assign
a metric, you can verify that the changes have been applied correctly
Question: Why do you see both LSPs as available

next hops?
Question: What is the metric of both RSVP LSPs that

was calculated from the IGP?

Junos MPLS and VPNs
Step 5.4
Navigate to the hierarchy and set the metric to 8 for
lsp-2. After changing the metric, commit your configuration and exit to operational
mode.
Step 5.5
Use the show route protocol bgp command to review the BGP routes for
changes.
Question: What changes do you see in the routing

table?
Step 5.6
View the inet.3 table to verify the metric change is reflected by the RSVP routes.
Question: What is the metric of both RSVP LSP

routes after the change?
Part 6: Configuring Your Router to Not Decrement the TTL
In this lab part, you will configure the router to not decrement the TTL. First, you will
look at the default TTL handling behavior. You will configure the router so that the
TTL is not decremented as packets traverse the MPLS network.
Step 6.1
hierarchy. Enable . This will allow you to
traceroute over the MPLS LSPs to the remote teams loopback address. We will be
using traceroute to demonstrate the behavior with TTL handling. Commit the change
and exit to operational mode before proceeding. By using traffic engineering, it
allows internal traffic to use the RSVP routes to get to the remote team’s loopback
address.
Step 6.2
Verify the default behavior by using the traceroute utility. You can now traceroute to
the remote team’s loopback address.
Question: How many devices respond to the

traceroute request?

Junos MPLS and VPNs
Step 6.3
hierarchy. Configure the router so that the TTL is not decremented by using the
statement under the MPLS protocol. Commit the
configuration and exit to operational mode before proceeding to the next step.
Step 6.4
Use the traceroute utility again to view the change in behavior.
Question: How many responses do you see now?
Part 7: Configuring Your Router to Signal Explicit Null
In this lab part, you will configure your router to signal explicit null. Using explicit null
notifies the penultimate label-switching router (LSR) that the egress router will
remove the MPLS label. You will compare the value before and after
configuring the router to signal explicit null.
Step 7.1
Use the show mpls lsp egress command to view the value before
you configure the router to signal explicit null. You should expect to see a value of 3
for both LSPs.
Step 7.2
hierarchy. Configure your router to signal explicit null by using the
command. This command tells the router to signal the upstream
LSR (penultimate router) that it expects to receive an MPLS label. In operation,
instead of signaling a value of 3 upstream (default behavior), the egress router will
signal a value of 0 upstream. Commit the changes and exit to operational mode
before proceeding to the next step.
Step 7.3
Use the show mpls lsp egress command to view the value now that
you have configured the router to signal explicit null. You should expect to see a
value of 0 for both LSPs.
Question: Is the value of the field what

you expect to see?

Junos MPLS and VPNs
Part 8: Configuring Your Router to Automatically Adjust the RSVP Reservation Based on
Observed Bandwidth
In this lab part, you will configure your router to monitor and automatically adjust the
RSVP reservation based on the observed bandwidth. The first step to setting up
automatic bandwidth provisioning is to enable statistics monitoring for the MPLS
protocol. This allows MPLS to track and monitor bandwidth utilization over a
specified time period (default 24 hours). Next, you will enable the automatic
bandwidth provisioning on one of your established LSPs.
Step 8.1
hierarchy. Enable MPLS statistics monitoring by creating a file
named auto-stats and configuring the statement.
Step 8.2
Navigate to the and enable
under the existing LSP . Commit your changes and exit to operational mode
Step 8.3
Verify that your configuration changes have taken affect on the LSP by executing the
show mpls lsp ingress name lsp-1 extensive command.
Question: When will the next LSP adjustment

happen?
Part 9: Using MPLS Ping to Verify LSP Connectivity
In this lab part, you will use MPLS Pings to verify LSP connectivity to the egress
node.
Step 9.1
Verify the connectivity of lsp-1 by executing the command ping mpls rsvp
lsp-1.
Question: Do the pings complete?

Junos MPLS and VPNs
Step 9.2

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Lab
L3VPN Static and BGP Routing
Overview
In this lab, you will establish a point-to-point Layer 3 VPN using RSVP signaling between
provider edge (PE) routers. You will also configure both static and BGP routing between
your PE and customer edge (CE) routers. You will share your routes with the remote
PE router through the Layer 3 VPN using Multiprotocol Border Gateway Protocol (MP-BGP).
• Load the a baseline configuration for your router. This configuration includes
your baseline core configuration including OSPF and BGP. The baseline also
contains a logical router configuration that will act as your CE router for this
lab.
• Configure an RSVP-signaled label-switched path (LSP) to the remote PE router.
• Create and establish a Layer 3 VPN over the core network.
• Configure static routing between your PE and CE router and share your static
PE routes through the Layer 3 VPN using MP-BGP.
• Configure BGP routing between your PE and CE routers and share CE routes
through the Layer 3 VPN using MP-BGP.
• Verify connectivity and behavior using command-line interface (CLI)
operational mode commands including ping and commands used to examine
routing tables and PE-PE BGP announcements.
www.juniper.net L3VPN Static and BGP Routing • Lab 7–1

Junos MPLS and VPNs
Part 1: Creating the Baseline SP Network and Enabling PE for Layer 3 VPN Signaling
In this lab part, you will configure the baseline network for the lab. You will load a
baseline configuration and then enable Resource Reservation Protocol (RSVP) and
multiprotocol label switching (MPLS) on the core-facing interfaces, configure
MP-BGP, and configure a route-distinguisher ID.
Note
device.
Step 1.1
necessary.
Step 1.2

Step 1.3
Lab 7–2 • L3VPN Static and BGP Routing www.juniper.net

Junos MPLS and VPNs
Step 1.4
Step 1.5
Navigate to the hierarchy. Issue the show command and
analyze the protocols that have been preconfigured for you.
Question: Which protocols have been preconfigured

for you?
Question: In its current state, will your router be

able to build a traffic engineering database (TED)?
Question: What is the name of the preconfigured

BGP peer group? Which router in the network is
configured as a member of the group?
Step 1.6
Exit to operational mode and verify your Open Shortest Path First (OSPF) neighbor
relationships are up and operational.

neighbors?
Step 1.7
remote PE router.


Junos MPLS and VPNs
Question: What address family has been negotiated
for the BGP session? What type of routes can be
advertised between the two PE routers?
Step 1.8
For an interface to support the forwarding of MPLS packets, you must enable the
MPLS family on each interface. Enter configuration mode and navigate to the
hierarchy and enable on both of the
Step 1.9
Navigate to the hierarchy and configure the MPLS protocol
on the core-facing interfaces.
Step 1.10
Configure the RSVP protocol on the core-facing interfaces.
Step 1.11
Enable traffic-engineering under so that your router
will flood its own OpaqArea link state advertisement (LSA) and use these LSA types
to build and use the traffic engineering database (TED) for constrained shortest
path first (CSPF) calculations.
Step 1.12
To allow the exchange of Layer 3 VPN routes, enable the inet-vpn unicast network
layer reachability information (NLRI) for your PE router’s BGP session with the
remote PE router. Make sure to also enable the exchange of standard unicast IP
version 4 (IPv4) routes as well.
Step 1.13
To allow for the automatic generation of route distinguishers, navigate to the
hierarchy and specify the
using your PE router’s loopback address. Commit
your configuration and exit out to operational mode.
Step 1.14
Using show commands, verify that MPLS and RSVP are configured correctly on the


Junos MPLS and VPNs
Step 1.15
Verify the state of your PE router’s BGP neighbor relationship with the remote PE
router.

established state with the remote PE?
Question: What NLRI type has been negotiated

between your PE router and the remote PE router?
Part 2: Establishing an RSVP Signaled LSP Between PE Routers
In this lab part, you will configure an RSVP-signaled LSP between the PE routers. You
will verify reachability using the MPLS ping utility.
Step 2.1
hierarchy and configure a called
Verify the configuration looks correct. Commit and exit to operation mode when you
are satisfied with the changes.
Step 2.2
Use the show mpls lsp command to verify that the RSVP LSP you just configured
is up and functional. Ensure that you have bidirectional LSPs before proceeding.
Question: Are bidirectional LSPs established

Step 2.3
Use the show route table inet.3 command to review the inet.3 routing table
and verify that the RSVP route is present and ready to use.
Question: Is the appropriate RSVP route to the

remote PE router present in the routing
table?

Junos MPLS and VPNs
Step 2.4
Verify MPLS connectivity using the MPLS ping utility.
Question: Does your MPLS ping complete?
Part 3: Verify CE Router Configuration
In this lab part you will view the configuration for CE router (logical system) that was
preconfigured as part of the loaded starting configuration in Part 1 of this lab.
Step 3.1
Use the set cli logical-system command to place the CLI in the context of
the CE router logical system.
Step 3.2
Issue the show configuration command to view the configuration of the CE
router.
Question: What interfaces have been configured on

the CE router? According to the lab diagram, do they
have the appropriate IP addressing?
Question: What is configured under the

hierarchy? According to the
lab diagram, are these setting appropriate?

hierarchy? What does this
policy do?
Step 3.3
Use the ping utility to attempt to ping the local PE router’s ge-1/0/4 interface.
Question: Does your ping succeed? Why?

Junos MPLS and VPNs
Part 4: Configuring the PE to CE Interface
In this lab part, you will configure the PE to CE interface. You will verify reachability
using the ping utility.
Step 4.1
Issue the clear cli logical-system to return to the CLI context of the
default routing instance (your PE router).
Step 4.2
Configure the appropriate ge-1/0/4 interface properties found on the network
diagram. Commit your changes and exit to operational mode to verify reachability to
the CE interface.
Step 4.3
Verify connectivity to the CE device using the ping utility with a count value of 3.
Question: Does your ping complete?
Part 5: Configuring a Layer 3 VPN Instance
In this lab part, you will configure a Layer 3 VPN instance. You will assign a unique
route distinguisher and a unique route target. You will include your CE facing
interface within this instance. In this lab, you will be using the option
because of its simplicity. Please note that and policies
would work also.
Step 5.1
hierarchy. Create a new VPN routing and
forwarding (VRF) instance named vpn-pod.. For example, if you are assigned router
mxB-1, your pod is B. The routing instance for mxB-1 should be named vpn-B.
Step 5.2
Navigate to the pod hierarchy. Create a
route distinguisher using your local loopback address to uniquely identify routes
advertised from this router. The format should look like this:
loopback-address .

Junos MPLS and VPNs
Step 5.3
Configure your route target. As mentioned previously, you will be using the
option. Your target will contain the local autonomous system (AS)
number and will be uniquely identified by using your pod value. Use the following
table to determine the format of your vrf-target.
Pod Target Community

A target:65512:1
B target:65512:2
C target:65512:3
D target:65512:4
Step 5.4
Include the CE facing interface in your VRF instance.
Step 5.5
Review your recent configuration changes. When you are satisfied with these
changes, commit your configuration and exit to operational mode.
Step 5.6
Verify that your VRF routing table has been created and it contains the local and
direct routes for your CE facing interface. You can accomplish this by issuing the
show route table vpn-pod.inet.0 command.
Question: Do you see your local and direct routes?
Part 6: Configuring Static Routing Between the PE and CE Routers
In this lab part, you will configure static routes to pass traffic from your PE router to
your CE router. These routes will be passed through the MP-BGP session to the
remote PE router so that traffic can be routed from the remote CE site. You will
configure a default route on your CE router. You will configure static routes on your
PE router, under your VRF instance, for the four static routes already created on the
CE device. You will also configure a static route for the loopback address of your
CE router. You will verify that these routes are shared with the remote PE device and
you must also verify that you are receiving the routes from the remote PE. You will
use the ping utility to test the CE to CE connectivity over the Layer 3 VPN.

Junos MPLS and VPNs
Step 6.1
Step 6.2
hierarchy. Configure a static default route that points to the PE interface address as
the next hop.
Step 6.3
Issue the show route command that the default route now exists in the CE
router’s routing table.
Question: Is the default route active in the CE

router’s routing table?
Step 6.4
Step 6.5
vpn-pod hierarchy. Configure the static routes in your PE
instance for the static networks that reside on your CE device. You must also
configure a static route for the loopback address of your CE device. All static route
next hops should point to the CE router’s ge-1/1/4 interface address.
Step 6.6
Verify that you are advertising your routes to the remote PE router.
Question: What routes are being advertised to the

remote PE router?
Step 6.7
Verify that you are receiving routes from the remote PE router.
Question: What routes are you receiving from the

remote PE router?
Step 6.8
Review the routes that are installed in your VRF table.

Junos MPLS and VPNs
Question: Do you see all the remote PE routes?
Step 6.9
Step 6.10
Verify you have connectivity from CE to CE through the Layer 3 VPN by using the ping
utility. You will ping the remote CE routers loopback address while sourcing the
packets from your local CE’s loopback address. You will send five packets for this
test. This can be accomplished using the following command: ping
remote-ce-loopback source local-ce-loopback count 5
Question: Do all your ping packets complete?
Part 7: Configuring BGP Routing Between the PE and CE Routers
In this lab part, you will configure BGP routing to pass routes from your CE to your
PE router. These routes will be passed through the MP-BGP session to the remote
PE router so that traffic can be routed from the remote CE site. You will verify that
your routes are shared with the remote PE device and you will also need to verify
that you are receiving the routes from the remote PE. You will use the ping utility to
test the CE to CE connectivity over the Layer 3 VPN.
.
Note
Prior to starting this part of the lab, your CLI
should be set in the context of the CE
logical system.
Step 7.1
hierarchy. Create an external group called my-ext-group and specify the local
PE’s ge-1/0/4 interfaces as the neighbor address. You must also define your
(AS 65512). Apply the policy exp-policy that you analyzed earlier in
the lab as an export policy to your EBGP group. Review your BGP configuration
before proceeding.

Junos MPLS and VPNs
Step 7.2
Navigate to the hierarchy. Remove the static default
route that you created earlier. Commit and exit to operational mode before
proceeding.
Step 7.3
Step 7.4
vpn-pod hierarchy. Delete all static routes that have been
applied to the VRF instance.
Step 7.5
Navigate to the vpn-pod
hierarchy. Create an external group called my-ext-group and specify the local CE
router’s ge-1/1/4 address for the neighbor address. You must also define your
(the local CE router’s AS number). Review your configuration, Commit,
and exit to operational mode before moving on to the next step.
Step 7.6
Verify on the PE that you are receiving the advertised BGP routes from your
CE router.
Question: Do you see the static routes that you

exported with the policy you applied to the CE
router’s BGP instance?
Step 7.7
Verify that your PE router is advertising your VPN routes to the remote PE router.
Question: Are you advertising all the BGP routes you

are learning from your CE router?
Step 7.8
Verify that you are receiving the VPN routes being advertised from the remote
PE router.
Question: Are you receiving all the expected routes

that are being exported from the remote PE and
CE routers?

Junos MPLS and VPNs
Step 7.9
Step 7.10
Review the BGP routes you are receiving on your CE router.
Question: Are you receiving all the remote network

routes from your PE router?
Question: What additional steps must you take to

determine why the routes are not being received at
your CE router?
Step 7.11
Step 7.12
Verify that your PE router is advertising these routes to your CE router.
Question: Do you see all the remote network routes

being advertised to your CE router?
Step 7.13
Take an extensive look at one of the routes you are receiving from the remote
PE router but are not advertising to your CE router.
Question: What is the AS path of this route?
Question: What is the AS of your CE router?
Question: Will the PE router advertise routes to an

EBGP peer when the peer’s AS number is present in
the AS path?

Junos MPLS and VPNs
Step 7.14
vpn-pod hierarchy. Configure the external group to override
the AS. Remember that we discussed a few methods for overcoming this challenge.
You will be using the option because of simplicity. Commit and exit
Step 7.15
Step 7.16
Verify that your CE router is now receiving the routes from your PE router after the
change.
Question: Do you now see the routes being sent

from the remote team in your CE router’s routing
table?
Step 7.17
Verify that you have connectivity from CE to CE through the Layer 3 VPN by using the
ping utility. You will ping the remote CE router’s loopback address while sourcing the
packets from your local CE router’s loopback address. You will send five packets for
this test. This task can be accomplished using the following command: ping
remote-ce-loopback source local-ce-loopback count 5 .
Question: Do your ping requests complete?
Step 7.18
Step 7.19

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Lab
Route Reflection and Internet Access
Overview
In this lab, you will establish two point-to-point Layer 3 virtual private networks (VPNs)
using RSVP signaling between provider edge (PE) routers. You will configure an internal
BGP (IBGP) session with a preconfigured route reflector in the core network. You will
implement route target filtering on your PE router and you will configure Internet access
for the customer edge (CE) router through your PE router.
your baseline core OSPF configuration. The baseline also contains two logical
router configurations that will act as your CE routers for this lab.
• Configure your IBGP peering so that your router peers with the route reflector.
• Configure LDP-signaled label-switched paths (LSPs) to the remote PE router.
• Create and establish two Layer 3 VPNs over the core network.
• Configure BGP routing between your PE and CE routers and share your
CE routes through the Layer 3 VPNs using Multiprotocol Border Gateway
Protocol (MP-BGP).
• Implement route target filtering on your PE router.
• Configure Internet access for your CE router through your PE router.
• Verify connectivity and behavior throughout the lab using command-line
interface (CLI) operational mode commands including ping and commands
used to examine routing tables and PE-PE BGP announcements.
www.juniper.net Route Reflection and Internet Access • Lab 8–1

Junos MPLS and VPNs
baseline OSPF configuration and then enable Label Distribution Protocol (LDP) and
multiprotocol label switching (MPLS) on the core-facing interfaces, configure a
MP-BGP peering session with the route reflector, and configure a route-distinguisher
ID.
Note
device.
Step 1.1
necessary.
Step 1.2

Step 1.3
Lab 8–2 • Route Reflection and Internet Access www.juniper.net

Junos MPLS and VPNs
Step 1.4
Step 1.5

for you?
Step 1.6
operational.

neighbors?
Step 1.7
Navigate to the hierarchy. Configure a IBGP peer group
called my-int-group. Use your router’s loopback address as the source address
of all IBGP packets. Finally, configure your router to peer with the P2 router, which is
the acting route reflector for the core network.
Step 1.8
To allow for the exchange of Layer 3 VPN routes, enable the
network layer reachability information (NLRI) for your PE router’s BGP session with
the P2 router. Make sure to also enable the exchange of standard unicast IP version
4 (IPv4) routes as well. Commit your configuration and exit to operation mode.
Step 1.9
Verify that your PE router has established an IBGP neighbor relationship with the P2
router.

established state with the P2 router?

Junos MPLS and VPNs
between your PE router and the P2 router?
Step 1.10
Step 1.11
Step 1.12
Configure the LDP protocol on the core-facing interfaces as well as the loopback
interface.
Step 1.13
Step 1.14
Use the show mpls interface command to verify that MPLS is configured
correctly on the core-facing interfaces.

Step 1.15
Verify that your router has established LDP neighbor relationships with the
neighboring P routers.
Question: What is the state of your PE router’s

relationship with the neighboring P routers?
Step 1.16
Verify that the routing table contains an LDP route to the remote PE router.

Junos MPLS and VPNs
Question: Do you see the LDP route to the remote
PE router in your routing table?
Part 2: Verify CE Router Configuration
In this lab part, you will view the configuration for the two CE routers (logical
systems) that were preconfigured as part of the loaded starting configuration in
Part 1 of this lab.
Step 2.1
the lower CE router logical system (based on the location on diagram).
Step 2.2
router.



policy do?
Step 2.3

Junos MPLS and VPNs
Step 2.4
the upper CE router logical system (based on the location on diagram).
Step 2.5
router.



policy do?
Step 2.6
Part 3: Configuring the PE to CE Interfaces
In this lab part, you will configure both of the PE to CE interfaces.You will verify
reachability using the ping utility.

Junos MPLS and VPNs
Step 3.1
Step 3.2
hierarchy. Configure the appropriate interface properties on your PE routers that can
be found on the lab diagram. You will configure the interfaces for each connection to
the two CE routers. Commit your change and exit to operational mode to verify
reachability to the CE interface.
Step 3.3
Verify reachability to both CE routers by pinging their interfaces five times.
Question: Do the pings complete?
Part 4: Configuring Two Layer 3 VPN Instances
In this lab part, you will configure two Layer 3 VPN instances. You will create a VPN
named vpn-lower, which will connect the lower CE routers (see diagram) of the
two sites. For example, if you are controlling mxB-1 or mxB-2 (pod B), you will create
a VPN that connects ceB-1 to ceB-2. You will then create a VPN named vpn-upper,
which will connect the upper CE routers. You will assign a unique route target to
each instance and you will include your CE-facing interface within the appropriate
instance. In this lab, you will be using the option because of its
simplicity. Please note that and policies would work
also. Use the following table as your guide for configuring your target communities in
this part of the lab.
Pod Lower Target Upper Target

A target:65512:101 target:65512:102
B target:65512:201 target:65512:202
C target:65512:301 target:65512:302
D target:65512:401 target:65512:402
Step 4.1
vpn-lower hierarchy. Configure the routing instance specifying a routing
instance type of .

Junos MPLS and VPNs
Step 4.2
Configure your route target for the lower VPN. As mentioned previously, you will be
using the option. See the table at the beginning of this part of the lab
to determine the appropriate target community value.
Step 4.3
Configure the behavior for this VRF instance.
Step 4.4
Add the appropriate subinterface of ge-1/0/4 to the routing instance. Review your
configuration changes and commit when you are satisfied with the changes.
Step 4.5
Navigate to the vpn-upper hierarchy.
Configure the routing instance specifying a routing instance type of .
Step 4.6
Configure your route target for the upper VPN using the option. See
the table at the beginning of this part of the lab to determine the appropriate target
community value.
Step 4.7
Add the appropriate subinterface of ge-1/0/5 to the routing instance. Review your
configuration changes and when satisfied, commit and exit to operational mode.
Step 4.8
Use the show route command to verify that both VRF tables are created and
contain the local network routes.
Question: What routes do the tables contain?
Step 4.9
Issue the show route advertising-protocol bgp extensive command to
view that routes that are being advertised to the route reflector.
Question: Do you notice any differences in the

routes in the vpn-lower and vpn-upper tables?
Why?

Junos MPLS and VPNs
Part 5: Configuring BGP Routing Between the PE and CE Routers
In this lab part, you will configure BGP routing to pass routes from your CE routers to
your PE router. These routes will be passed through the MP-BGP session to the
remote PE router so that traffic can be routed from the remote CE sites. You will
verify that your routes are shared with the remote PE device and you will also need
to verify that you are receiving the routes from the remote PE router for each of the
configured VPNs. You will use the ping utility to test the CE to CE connectivity over
the Layer 3 VPNs for each site.
Step 5.1
vpn-lower hierarchy. Create an external group called
my-ext-group-lower and specify your locally attached CE router’s neighbor
address. You must also define your . Remember to add the option
to your BGP group, because both the local CE router and the remote
CE router are in the same AS. Review your configuration, commit, and exit to
operation mode before moving on to the next step.
Step 5.2
Step 5.3
hierarchy. Create an external group called my-ext-group and specify your local
PE router’s neighbor address. You must also define your . Apply the policy
exp-policy that you viewed earlier in the lab as an export policy to your EBGP
group. Review your configuration, commit, and exit to operational mode.
Note
Check with the team configuring the
remote CE router and ensure that they have
completed Step 5.3 before proceeding to
the next step.
Step 5.4
Step 5.5
Use the show route receive-protocol bgp command to verify that you are
receiving the static routes from the lower CE router at your PE router.

Junos MPLS and VPNs
Question: Has your PE router received the BGP
routes that represent that static routes that were
redistributed by the local, lower CE router?
Step 5.6
Issue the show route advertising-protocol bgp 193.168.5.2
command to verify that you are sending the routes learned from the local lower CE
router to the remote team through the route reflector.
Question: Is your PE router sending the BGP routes

that represent that static routes that were
redistributed by the local, lower CE router?
Step 5.7
Issue the show route receive-protocol bgp 193.168.5.2 command to
verify that you are also receiving the remote, lower CE router’s static routes at your
PE router from the route reflector.
Question: Is your PE router receiving the BGP routes

redistributed by the remote, lower CE router?
Step 5.8
Issue the show route advertising-protocol bgp local-ce-address
command to verify that you are sending the routes learned from the remote, lower
CE router to the local, lower CE router.

from the remote, lower CE router to the local, lower
CE router?
Step 5.9

Junos MPLS and VPNs
Step 5.10
Verify reachability to the remote CE router by pinging the loopback address five
times. This task can be accomplished by issuing the ping
remote-ce-loopback source local-ce-loopback count 5 command.
Question: Did the ping test complete?
Note
If you are not receiving or sending any of
the routes from the previous steps, please
review your configuration and work with the
remote team for your pod. Request
assistance from the instructor as needed.
Step 5.11
Step 5.12
vpn-upper hierarchy. Create an external group named
my-ext-group-upper and specify your neighbor address. You must also define
your . Remember to add the option to your BGP group,
because both the local CE router and the remote CE router are in the same AS.
Review your configuration, commit your configuration, and exit to operational mode
Step 5.13
Step 5.14
hierarchy. Create an external group named my-ext-group and specify your
neighbor address. You must also define your . Apply the policy
exp-policy that you viewed earlier in this lab as an export policy to your EBGP
group. Review your configuration, commit, and exit to operational mode.
Note
Check with the team configuring the
remote CE router and ensure that they have
completed Step 5.14 before proceeding to
the next step.

Junos MPLS and VPNs
Step 5.15
Step 5.16
Use the show route receive-protocol bgp command to verify that you are
receiving the static routes from the upper, local CE router at your PE router.
Question: Has your PE router received the BGP

routes that represent that static routes that were
redistributed by the local, upper CE router?
Step 5.17
command to verify that you are sending the routes learned from the local, lower CE
router to the remote team through the route reflector.

redistributed by the local, upper CE router?
Step 5.18
Issue the show route receive-protocol bgp 193.168.5.2 command to
verify that you are also receiving the remote, upper CE router’s static routes at your
PE router from the route reflector.
Question: Is your PE router receiving the BGP routes

redistributed by the remote, upper CE router?
Step 5.19
Issue the show route advertising-protocol bgp upper-ce-address
command to verify that you are sending the routes originated by the remote, upper
CE router to the local, upper CE router.

Junos MPLS and VPNs
originated by the remote, upper CE router to the
local, upper CE router?
Step 5.20
Step 5.21
Verify reachability to the remote, upper CE router by pinging the loopback address
five times. This task can be accomplished by issuing the ping
remote-ce-loopback source local-ce-loopback count 5 command.
Question: Did the ping test complete?
Note
If you are not receiving or sending any of
the routes from the previous steps, please
review your configuration and work with the
remote team for your pod. Request
assistance from the instructor as needed.
Part 6: Implementing Route Target Filtering
In this lab part, you will implement route filtering on your PE router. You will alter the
upper CE router’s , to demonstrate the purpose of route target filtering
at the route reflector. You will review the default route advertising behavior from the
route reflector by utilizing the option. You will configure the PE router to
signal route target filtering and verify the route reflector is no longer sending you
routes with target values for which your PE router is not configured.
Step 6.1
Step 6.2
vpn-upper hierarchy. Alter the you have configured for this VPN
using the table below as your guide. After making this configuration change, commit
and exit to operational mode.
Junos MPLS and VPNs
Pod PE Target Community

A pe1 target:65512:103
A pe2 target:65512:104
B pe1 target:65512:203
B pe2 target:65512:204
C pe1 target:65512:303
C pe2 target:65512:304
D pe1 target:65512:403
D pe2 target:65512:404
Note
Your routes will be advertised to the route
reflector, but when you receive the routes
for the remote CE router, your PE router will
evaluate the target value against the
targets configured for your VPNs and reject
the routes that do not match the local
target values.
Step 6.3
Review the routes that you have accepted and installed in your
routing table.
Question: Do you see the vpn-upper routes for

the remote CE router?
Step 6.4
hierarchy. Enable the functionality for your BGP session. This
functionality will cause the PE router to keep all VPN routes that are advertised to it
from the route reflector, regardless of value. Commit your
configuration changes and exit to operational mode.
Step 6.5
routing table after adding the functionality.

Junos MPLS and VPNs
Step 6.6
hierarchy. Configure your router to signal the route target NLRI for the IBGP session
to the route reflector. Commit your configuration and exit to operational mode.
Step 6.7
routing table after configuring the PE router to implement the route target filtering
NLRI to the route reflector.

Part 7: Configuring Internet Access Using a Non-VRF Interface
In this lab part, you will establish Internet access for your CE router connected to the
vpn-lower instance. You will create another logical unit on the same physical
interface connecting the CE router to the PE router. You will create a static default
route on the CE router that points to the PE router’s non-VRF interface as the next
hop. You will configure the PE router’s non-VRF interface as passive in your IGP, to
allow reachability to the CE router from the core network. You will ping one of the
core router’s loopback interfaces from your CE device to simulate connectivity to the
Internet (networks outside the VPN instance).
Step 7.1
Configure the additional logical unit, VLAN, and IP address for the PE router
interface.
Step 7.2
Navigate to the hierarchy and create a static route
on your PE router that encompasses all of your static routes on your CE router in a
single prefix (it will be a /22 route). The next hop for this route will be the CE
interface address for the non-VRF connection. You will also need to add your CE
router’s loopback address as a static route with the same next hop.
Step 7.3
Navigate to the hierarchy. Create a policy named
statics that will be used to redistribute your static routes into OSPF.

Junos MPLS and VPNs
Step 7.4
Navigate to the hierarchy and add the non-VRF
interface as passive. Export the static routes you created in the previous step into
your IGP by using the policy statics. This action allows the core network’s IGP to
route traffic back to the CE network through the non-VRF connection.
Step 7.5
Navigate to the local-ce hierarchy and add the
non-VRF interface. Configure a static default route that points to the non-vrf
interface address as the next hop. Commit your configuration and exit to operational
mode.
Step 7.6
Step 7.7
Issue the ping p-router-loopback source local-ce-loopback count 5
command to verify that you can ping the loopback address of one of the core routers
five times, sourced from your CE router’s loopback address. You can review Part 1
diagram that shows the core network if you do not recall the loopback addresses of
the core routers.
Question: Do the ping requests complete?
Step 7.8
Step 7.9

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Lab
GRE Tunnel Integration
Overview
In this lab, you will establish a point-to-point Layer 3 virtual private network (VPN) using a
generic routing encapsulation (GRE) tunnel between provider edge (PE) routers. You will
also configure OSPF routing between your PE and customer edge (CE) router. You will
share your routes with the remote PE through the Layer 3 VPN using Multiprotocol Border
Gateway Protocol (MP-BGP).
• Load a baseline configuration for your router. This configuration includes your
baseline core configuration including OSPF and BGP. The baseline also
lab.
• Configure a VPN routing and forwarding (VRF) table and OSPF routing between
your PE router and CE router and redistribute your CE router’s static routes into
OSPF.
• Configure a GRE tunnel to the remote PE router.
• Create and add a static route to inet.3.
• Redistribute the MP-BGP routes learned from the remote PE into OSPF.
• Verify connectivity and behavior using operational mode commands including
ping and commands used to examine routing tables, and PE-PE BGP
announcements.
www.juniper.net GRE Tunnel Integration • Lab 9–1

Junos MPLS and VPNs
baseline configuration and then configure MP-BGP and a route-distinguisher ID.
Note
device.
Step 1.1
necessary.
Step 1.2

Step 1.3
Step 1.4
Lab 9–2 • GRE Tunnel Integration www.juniper.net

Junos MPLS and VPNs
Step 1.5

for you?

BGP peer group? Which router in the network is
Step 1.6

neighbors?
Step 1.7
remote PE router.


Step 1.8

Junos MPLS and VPNs
Step 1.9
Step 1.10
Step 1.11
Step 1.12
Using the show mpls interface command, verify that MPLS is configured

Step 1.13
router.


Part 2: Verifying CE Router Configuration
In this lab part, you will view the configuration for CE router (logical system) that was
preconfigured as part of the loaded starting configuration in Part 1 of this lab.
Please refer to the diagram labeled “GRE Tunnel Integration Lab: Parts 2-8”.

Junos MPLS and VPNs
Step 2.1
Step 2.2
router.



policy do?
Step 2.3

Junos MPLS and VPNs
In this lab part, you will configure the PE to CE interface. You will verify reachability
using the ping utility.
Step 3.1
Step 3.2
hierarchy. Configure the appropriate interface properties foe the PE router’s
ge-1/0/4 interface as found on the network diagram. Commit your change and exit
to operational mode to verify reachability to the CE interface.
Step 3.3
Verify connectivity to the local CE device using the ping utility with a value
of 3.
Question: Does your ping complete?
route target to the VPN. You will include your CE-facing interface within this instance.
In this lab, you will be using the option because of its simplicity.
Please note that and policies would work also.
Step 4.1
hierarchy. Create a new VRF instance named vpn-pod.
For example, if you are configuring mxB-1, your VRF instance would be named
vpn-B.
Step 4.2
Navigate to the pod hierarchy. Configure
your route target. As mentioned earlier, you will be using the option.
Use the table below to determine the target community for your router.

Junos MPLS and VPNs

A target:65512:1
B target:65512:2
C target:65512:3
D target:65512:4
Step 4.3
Include the CE-facing interface in your VRF instance.
Step 4.4
Step 4.5
direct routes for your CE-facing interface. You can accomplish this task by issuing
the show route table vpn-pod.inet.0 command.
Part 5: Configuring OSPF Routing Between the PE and CE Routers
In this lab part, you will configure OSPF routing between your PE and CE routers.
These routes will be passed through the MP-BGP session to the remote PE router.
You will verify that these routes are shared with the remote PE device and you will
also need to verify that you are receiving the routes from the remote PE router.
Step 5.1
Step 5.2
hierarchy. Create a policy named statics that will be used to redistribute your
CE router’s static routes into OSPF.
Step 5.3
Navigate to the hierarchy. Configure your CE router’s loopback and
Ethernet interfaces as OSPF area 0.0.0.0 interfaces.

Junos MPLS and VPNs
Step 5.4
Apply the statics policy as an export policy to your CE router’s OSPF instance.
Step 5.5
Step 5.6
Enter configuration and navigate to the
vpn-pod hierarchy. Configure your PE router’s VRF interface in OSPF area 0.0.0.0
interface. Commit your configuration and exit to operational mode.
Step 5.7
Verify that the CE router and PE router have established an OSPF adjacency with
each other.
Question: Has the CE router established an OSPF

adjacency with the local PE router?
Step 5.8
Verify that the static routes that are being redistributed by the CE router can be
found in the VRF table of the PE router.
Question: Are the static routes from the local

CE router being received by your PE router as OSPF
routes?
Step 5.9
Verify that you are advertising your OSPF routes to the remote PE router as BGP
routes.
Question: What routes are being advertised to the

remote PE router?
Step 5.10
Verify that you are receiving routes from the remote PE router.

Junos MPLS and VPNs
Question: What routes are you receiving from the
remote PE router?
Question: Why are no BGP routes being stored in

the VRF table?
Step 5.11
Determine whether any hidden routes are being received from the remote PE router.
Question: Are any hidden routes being received

from the remote PE router? Why are the routes
hidden?
Part 6: Establishing a GRE Tunnel Between PE Routers
In this lab part, you will configure a GRE tunnel between the PE routers.
Step 6.1
Enter configuration mode and navigate to the hierarchy. Enable
1 Gbps tunnel service on FPC 1/PIC 0.
Step 6.2
Navigate to the hierarchy and configure a tunnel interface
named gr-1/0/10.0. The interface should source packets from the local PE router’s
loopback address. The interface should be configured to send packets destined to
the remote PE router’s loopback address. Finally, enable forwarding of MPLS and
IPv4 traffic on the tunnel interface. Commit your configuration and exit to
operational mode.
Step 6.3
Verify that the GRE interface is up and functional.
Question: Is the gr-1/0/10 interface in the

state?

Junos MPLS and VPNs
Part 7: Creating and Adding a Static Route to inet.3
In this lab part, you will configure a static route to the loopback of the remote PE
such that it is placed in the inet.3 routing table.
Step 7.1
hierarchy. Create a static route to the loopback address of the remote PE router that
will exist only in inet.3 and has a next hop of the gr-1/0/10.0 interface. Commit your
Step 7.2
Verify that the new static route exists in inet.3 and only inet.3.
Question: In which routing table has the static route

been placed?
Step 7.3
Review the routes that are installed in your VRF table.
Question: Do you see all the remote PE routes?
Question: What is the next hop for the routes that

have been received from the remote PE router?
Step 7.4
Step 7.5
Verify that you have connectivity from CE router to CE router through the Layer 3 VPN
by using the ping utility. You will ping the remote CE router’s loopback address while
sourcing the packets from your local CE router’s loopback address. You will send five
packets for this test. This task can be accomplished using the following command:
ping remote-ce-loopback source local-ce-loopback count 5 .
Question: Do all your ping packets complete? Can

you think of a reason why they would not complete?

Junos MPLS and VPNs
Step 7.6
Review the routes that are installed in the CE router’s routing table.
Question: Do you see all the remote routes?
Step 7.7
Review the LSAs that currently exist in the CE router’s link state database.
Question: Why do you think the remote networks

are not present in your CE router’s link state
database?
Question: How are the routes learned from the

remote PE routers? How are these routes
characterized in your PE router’s VRF table? What
protocol is running on the PE/CE link?
Question: Will the default OSPF export policy

advertise routes learned by BGP?
Part 8: Redistributing BGP Routes into OSPF
In this lab part, you will configure a routing policy that will take the BGP routes
learned from the remote PE router and redistribute them into OSPF.
Step 8.1

Junos MPLS and VPNs
Step 8.2
hierarchy. Create a policy named bgp-to-ospf that will be used to redistribute
BGP routes into OSPF.
Step 8.3
Navigate to pod and apply the
bgp-to-ospf policy as an export policy to the VRF’s OSPF instance. Commit your
Step 8.4
Step 8.5
Review the LSAs that currently exist in the CE router’s link state database.
Question: Do any LSAs exist in the OSPF link state

database that represent the network from the
remote site? Why or why not?
Question: What LSA types are being used to

represent the remote networks? Like what type of
OSPF router is the PE router behaving?
Step 8.6
Verify that you have connectivity from CE router to CE router through the Layer 3 VPN
by using the ping utility. You will ping the remote CE router’s loopback address while
sourcing the packets from your local CE router’s loopback address. You will send five
packets for this test. This task can be accomplished using the following command:
ping remote-ce-loopback source local-ce-loopback count 5 .
Step 8.7

Junos MPLS and VPNs
Step 8.8

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Lab
BGP Layer 2 VPNs
Overview
In this lab, you will establish a point-to-point BGP Layer 2 virtual private network (VPN)
using LDP signaled label switched paths (LSP) between provider edge (PE) routers. Once
the virtual LAN (VLAN)-based Layer 2 VPN is operational, you will configure the customer
edge (CE) routers to run one of several available routing protocols and advertise their
static route and loopback address blocks. Because this is a BGP Layer 2 VPN, the PE
routers will not interact with the routing protocols used on the CE routers.
• Load the VPN baseline configuration for your router. This configuration includes
your baseline core configuration which includes OSPF. The baseline also
lab.
• Configure an LDP-signaled label-switched path (LSP) to the remote PE router.
• Add protocol BGP support for the Layer 2 VPN network layer reachability
information (NLRI).
• Create and establish a BGP Layer 2 VPN over the core network.
• Add OSPF to your CE network and create a neighborship between your
CE router and the remote CE router.
• Export your static routes into OSPF and share these routes with the remote
CE network.
ping and commands used to examine routing tables.
www.juniper.net BGP Layer 2 VPNs • Lab 10–1

Junos MPLS and VPNs
multiprotocol label switching (MPLS) on the core-facing interfaces, configure a
MP-BGP peering session with the remote PE router, and configure a
route-distinguisher ID.
Note
device.
Step 1.1
necessary.
Step 1.2

Step 1.3
Lab 10–2 • BGP Layer 2 VPNs www.juniper.net

Junos MPLS and VPNs
Step 1.4
Step 1.5

for you?
Step 1.6

neighbors?
Step 1.7
Navigate to the hierarchy. Configure a IBGP peer group
called my-int-group. Use your router’s loopback address as the source address
of all IBGP packets. Finally, configure your router to peer with the remote PE router.
Step 1.8
To allow for the exchange of BGP Layer 2 VPN routes, enable the
network layer reachability information (NLRI) for your PE router’s BGP
session with the remote PE router. Make sure to also enable the exchange of
standard unicast IP version 4 (IPv4) routes as well. Commit your configuration and
exit to operation mode.
Step 1.9
remote PE router.


Junos MPLS and VPNs
Step 1.10
Step 1.11
Step 1.12
interface.
Step 1.13
Step 1.14

Step 1.15

Step 1.16

Junos MPLS and VPNs
Step 1.17
Question: Are your MPLS pings successful?
In this lab part, you will verify (on the CE router) and configure (on the PE router) the
PE to CE interface. You will add the correct VLAN tag and ensure that the proper
encapsulation is configured. Later, you will add this interface to your BGP Layer 2
VPN instance.
Step 2.1
Step 2.2
router.



Junos MPLS and VPNs
policy do?
Question: What is the IP address of the remote CE

router’s ge-1/1/4 interface?
Question: Why must both CE router interfaces be in

the same subnet?
Step 2.3
Use the ping utility to attempt to ping the remote CE router’s ge-1/1/4 interface.
Step 2.4
Step 2.5
Configure the PE to CE interface properties outlined in the lab diagram. You will start
with enabling for the interface. You will configure the interface to
handle encapsulation. When you configure the unit, you will also have to
specify the encapsulation for the logical interface also. Because we are configuring
a Layer 2 VPN there will not be any Layer 3 information associated with this
interface. Assign the correct value and commit your changes.
Part 3: Configuring a BGP Layer 2 VPN Instance
In this lab part, you will configure a BGP Layer 2 VPN instance. You begin by enabling
BGP to signal the Layer 2 NLRI. You will create your BGP Layer 2 VPN instance and
assign a unique route target. You will include your CE-facing interface within this
instance. In this lab you will be using the option because of its
simplicity. Please note that and policies would work
also. Use the following table as your guide for configuring your target communities in
this part of the lab.

Junos MPLS and VPNs
Pod Lower Target

A target:65512:1
B target:65512:2
C target:65512:3
D target:65512:4
Step 3.1
Navigate to the hierarchy. Create a new instance
called vpn-pod. For example, if you are using mxB-1, you are in pod B so your
instance would be called vpn-B. Configure the instance type as .
Step 3.2
Navigate to the pod hierarchy. Configure
your route target. Refer to the table above to determine the target community for
your pod.
Step 3.3
Include the CE-facing interface in your Layer 2 VPN instance.
Step 3.4
Navigate to the vpn-pod
hierarchy. Configure the protocol properties for the BGP Layer 2 VPN. You will be
using the encapsulation type . You will configure your site name to
reflect the name of your CE router. Please refer to lab diagram to determine which
site identifier you should use. Because we are only dealing with 2 sites, you will not
need to configure the remote site ID. You must also indicate the interface that will be
participating in your BGP Layer 2 VPN. Commit and exit to operational mode after
you have completed your changes.
Question: With which remote site will your

configuration automatically associate?
Note
previous steps.
Step 3.5
Verify your Layer 2 VPN connection by issuing the show l2vpn connections
command.
Junos MPLS and VPNs
Question: What is the status of your connection?
Step 3.6
Step 3.7
Verify reachability from your CE router to the remote CE router. You will ping the
remote CE interface five times using the ping remote-ce-address count 5
command.
Part 4: Configuring Routing Protocols on the CE Router
In this lab part, you will configure OSPF on your CE router. You will create a policy
that will export your static routes to your OSPF neighbor. You will peer with the
remote CE router across the BGP Layer 2 VPN you created in Part 4. You will
configure the CE router to share the static routes that you have configured. You will
verify that you are receiving the remote networks and verify reachability to the
remote loopback using the ping utility.
Step 4.1
static routes into OSPF.
Step 4.2
Navigate to the hierarchy. Configure your loopback
and PE-facing interface under area 0.
Step 4.3
Apply the policy statics you defined as an export policy to your OSPF protocol.
This action will export your static routes to your peer. Commit and exit to operational
mode.

Junos MPLS and VPNs
Note
previous steps.
Step 4.4
Verify that the neighbor relationship has established between the CE routers by
issuing the show ospf neighbor command.
Step 4.5
Review the routes being learned by OSPF and ensure you have the remote
CE router’s static routes by issuing the show route protocol ospf
command.
Question: Do you see all the remote CE router’s

static routes?
Step 4.6
Verify you have reachability to the remote CE network by pinging the remote
CE router’s loopback address five times, while sourcing the packets from your local
CE router’s loopback address.
Question: Do your pings complete?
Step 4.7
Step 4.8

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Lab
Circuit Cross-Connect and LDP Layer 2 Circuits
Overview
In this lab, you will establish an LDP Layer 2 circuit using RSVP signaling between provider
edge (PE) routers. Once the virtual LAN (VLAN)-based LDP Layer 2 circuit is operational,
you will configure the customer edge (CE) routers to run one of several available routing
protocols and advertise their static route and loopback address blocks. Because this is a
Layer 2 circuit, the PE routers will not interact with the routing protocols used on the
CE routers. After verifying the connection from CE to CE, you will delete the LDP Layer 2
circuit configuration and configure a circuit cross connect (CCC) connection. You will then
verify the connection again from CE to CE.
your baseline core configuration which includes OSPF. The baseline also
lab.
• Configure an RSVP-signaled label-switched path (LSP) to the remote PE router.
• Create and establish an LDP Layer 2 circuit over the core network.
• Add OSPF to your CE network and create a neighbor relationship between your
local CE router and the remote CE router.
• Export your static routes into OSPF and share these routes with the remote
CE network.
• Create and establish a CCC Layer 2 connection over the core network.
ping and commands used to examine routing tables.
www.juniper.net Circuit Cross-Connect and LDP Layer 2 Circuits • Lab 11–1

Junos MPLS and VPNs
Part 1: Creating the Baseline SP Network
baseline OSPF configuration and then enable Resource Reservation Protocol (RSVP)
and multiprotocol label switching (MPLS) on the core-facing interfaces.
Note
device.
Step 1.1
necessary.
Step 1.2

Step 1.3
Step 1.4
Lab 11–2 • Circuit Cross-Connect and LDP Layer 2 Circuits www.juniper.net

Junos MPLS and VPNs
Step 1.5

for you?
Step 1.6
operational.

neighbors?
Step 1.7
MPLS family on each interface. Navigate to the hierarchy
and enable on both of the core-facing interfaces.
Step 1.8
Step 1.9
Configure the RSVP protocol on the core-facing interfaces. Commit your
Step 1.10

Step 1.11
Use the show rsvp interface command to verify that RSVP is configured

Junos MPLS and VPNs
Question: Is it now possible for your router to
establish RSVP-signaled LSPs?
Part 2: Establishing an RSVP-Signaled LSP Between PE Routers
In this lab part, you will use RSVP to signal an LSP to the remote PE router through
the core network. You will verify that the RSVP LSP is established and the RSVP route
is installed in your routing table. You will configure an extended LDP session by
adding your loopback interface to LDP protocol configuration, because an LDP
Layer 2 circuit requires LDP signaling for exchanging virtual circuit (VC) labels
between PE routers.
Step 2.1
hierarchy. First, turn off constrained shortest path first (CSPF) by issuing the set
no-cspf command. Then, create a named
Verify that the configuration looks correct.
Step 2.2
Navigate to the hierarchy and configure an extended
LDP session by adding the loopback interface to the LDP protocol. As mentioned
previously, this will allow LDP to exchange VC labels between the PE routers. Commit
your configuration changes and exit to operational mode.
Step 2.3
Verify that the LSP has been established and is ready for use.
Step 2.4
Verify that the routing table has been created and contains the RSVP route
to the remote PE router.
Question: Do you see the RSVP route to the remote


Junos MPLS and VPNs
In this lab part, you will configure the PE to CE interface. You will add the correct
VLAN tag and ensure that the proper encapsulation is configured. Later, you will add
this interface to your LDP Layer 2 circuit instance. You will also reconfigure the CE to
PE interface because both the local CE interface and the remote CE interface must
be on the same network.
Step 3.1
Step 3.2
router.




the same subnet?
Step 3.3

Junos MPLS and VPNs
Step 3.4
Step 3.5
Configure the PE to CE interface properties outlined in the lab diagram. You will start
with enabling for the interface. You will configure the interface to
handle encapsulation. When you configure the unit, you will also have
to specify the encapsulation for the logical interface. Because you are configuring a
Layer 2 VPN, no Layer 3 information is associated with this interface. Assign the
correct value and commit your changes.
Part 4: Configuring a LDP Layer 2 Circuit
In this lab part, you will configure an LDP Layer 2 circuit. You will create the circuit to
the remote PE router’s loopback address and assign the correct CE-facing interface.
You will assign a unique VC identifier. You will then verify that the circuit has been
signaled and is functioning properly.
Step 4.1
Navigate to the hierarchy and specify the
address for the circuit. Add the PE to CE interface that will be
participating in this neighbor relationship. Use the table below to assign a VC
identifier value to the interface. Review your configuration changes, commit, and
exit to operational mode.
Pod VC
Identifier
A 1
B 2
C 3
D 4
Note
previous steps.
Step 4.2
Verify that the LDP Layer 2 circuit is up and functional by issuing the show
l2circuits connections command.

Junos MPLS and VPNs
Question: What is the status of your circuit?
Question: Can you tell from the output what your

VC identifier is?
Step 4.3
Step 4.4
Verify reachability from your CE router to the remote CE router. You will ping the
remote CE to PE interface five times, sourced from your local CE to PE interface
using the ping remote-ce-address count 5 command.
Part 5: Configuring Routing Protocols on the CE Router
In this lab part, you will configure OSPF on your CE router. You will create a policy
that will export your static routes to your OSPF neighbor. Your router’s OSPF neighbor
will be the remote CE router across the LDP Layer 2 circuit you created in Part 4. You
will configure the CE router to share the static routes that you have configured. You
will verify that you are receiving the remote networks and verify reachability to the
remote loopback using the ping utility.
Step 5.1
static routes into OSPF.
Step 5.2
Navigate to the hierarchy. Configure your loopback
and PE-facing interface under area 0.

Junos MPLS and VPNs
Step 5.3
Apply the policy statics you defined as an export policy to your OSPF protocol.
This change will export your static routes to your peer. Commit and exit to
operational mode.
Note
previous steps.
Step 5.4
Verify that the neighbor relationship has established between the CE routers by
issuing the show ospf neighbor command.
Step 5.5
Review the routes being learned by OSPF and ensure that you have the remote
CE router’s static routes by issuing the show route protocol ospf
command.
Question: Do you see all the remote CE router’s

static?
Step 5.6
Verify that you have reachability to the remote CE network by pinging the remote
CE router’s loopback address five times, while sourcing the packets from your local
CE router’s loopback address.
Question: Do your pings complete?
Part 6: Configuring a CCC Connection Between PE Routers
In this lab part, you will establish a point-to-point Layer 2 VPN using the Junos
operating system’s CCC feature in support of a VLAN environment. MPLS-tagged
VLAN frames will be transported between PE routers over an RSVP-signaled LSP.
Once the Layer 2 CCC connection is established, you will verify that your CE routers
can route using OSPF. Because this is a Layer 2 VPN, the PE routers will not interact
with the routing protocols used on the CE routers. Please refer to the lab diagram
titled “CCC and LDP L2 Circuits Lab – Part 6” for interface properties.
Junos MPLS and VPNs
Step 6.1
Step 6.2
Enter configuration mode. Delete your LDP Layer 2 circuit configuration and delete
the ge-1/0/4 interface configuration. Commit your configuration changes.
Step 6.3
Navigate to the ge-1/0/5 hierarchy. Configure the PE to
CE interface properties outlined in the lab diagram. You will start with enabling
for the interface. You will configure the interface to handle
encapsulation. When you configure the unit, you will also have to specify
the encapsulation for the logical interface. Because we are configuring a Layer 2
connection, no Layer 3 information is associated with this interface. Assign the
correct value and commit your changes
Step 6.4
Navigate to the top of the hierarchy and issue the command replace
pattern ge-1/1/4 with ge-1/1/5. This action will change all references in
the configuration of ge-1/1/4 to ge-1/1/5, which is the new CE interface being used
in the lab diagram. Verify that the interface being applied for the CE logical system
has been changed. Remember to verify the change also applied to your CE router’s
OSPF configuration. When you are satisfied with the change commit your
configuration.
Step 6.5
Navigate to the hierarchy and configure a
named vpn1. Assign your PE interface used to
connect to your CE router (ge-1/0/5) to the interface switch. For the interface you
assign, you have to specify the lsp-name and the
lsp-name for the traffic to use to get to and from the remote end
of the connection. You will assign the RSVP LSP that you configured in Part 2 as you
transmit LSP and you will assign the LSP that the remote team created as you
receive LSP. If you do not remember the names, you can view them in the output
from the run show mpls lsp command. Commit your configuration changes
Note
previous steps.
Step 6.6
Verify that the CCC connection is up and ready to use by issuing the show
connections command.

Junos MPLS and VPNs
Question: What is the status of the CCC
connection?
Step 6.7
Step 6.8
Verify that you can ping five times through the CCC circuit you just configured.
Question: Do your ping packets complete?
Step 6.9
Verify that your OSPF neighborship has established over the CCC circuit.
Question: What is the state of your OSPF

adjacency?
Step 6.10
Step 6.11

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Lab
VPLS
Overview
In this lab, you will establish an LDP virtual private LAN service (VPLS) and a BGP VPLS
between provider edge (PE) routers. You will also configure a virtual switch to act as the
customer edge (CE) router. There will be redundant links between the PE and CE routers
so you will be required to prevent any Layer 2 loops from forming.
• Load the virtual private network (VPN) baseline configuration for your router.
This configuration includes your baseline core configuration including Open
Shortest Path First (OSPF). The baseline also contains a logical system
configuration that will be used to generate data traffic for this lab.
• Configure Layer 2 interfaces and apply them to a virtual switch that you will
configure to act as the CE router.
• Configure LDP signaling to enable MPLS label-switched paths (LSPs) between
PE routers.
• Configure an LDP VPLS.
• Configure a BGP VPLS.
• Configure redundant links between CE and PE routers and prevent Layer 2
loops from forming.
ping and commands used to examine routing tables, and PE to PE router BGP
announcements.
www.juniper.net VPLS • Lab 12–1

Junos MPLS and VPNs
multiprotocol label switching (MPLS) on the core-facing interfaces.
Note
device.
Step 1.1
necessary.
Step 1.2

Step 1.3
Step 1.4
Lab 12–2 • VPLS www.juniper.net

Junos MPLS and VPNs
Step 1.5

for you?
Step 1.6
operational.

neighbors?
Step 1.7
MPLS family on each interface. Navigate to the hierarchy
and enable on both of the core-facing interfaces.
Step 1.8
Step 1.9
interface. Commit your configuration and exit to operational mode.
Step 1.10

Step 1.11

Junos MPLS and VPNs
Step 1.12

Answer:
Step 1.13
Question: Are your MPLS pings successful?
Part 2: Verifying the Customer Router
In this lab part, you will verify the state of the logical system that represents you
locally attached customer routers.
Step 2.1
Step 2.2
router.
Question: Which interfaces have been configured

on the CE router? According to the lab diagram, do
they have the appropriate IP addressing?

Junos MPLS and VPNs

the same subnet?
Step 2.3
Step 2.4
Part 3: Configuring a Virtual Switch Instance
In this lab part, you will configure a virtual switch that will act as a CE device for this
lab. The virtual switch will be configured to have one interface that connects to the
customer virtual router and two interfaces that connect to the PE router. Use the lab
diagram to see the intended connectivity.
Step 3.1
hierarchy. Create a new virtual switch instance named ce-vs.
Step 3.2
Navigate to the hierarchy and configure the three Layer 2
interfaces that will be used by the virtual switch. Make sure to specify an
encapsulation of at the physical interface level
and an encapsulation of at the subinterface level.
Step 3.3
Navigate to the and configure a bridge
domain named vlan_vlan-id using the appropriate virtual LAN (VLAN) ID. Add
the three Layer 2 interfaces to the new bridge domain. Commit your configuration

Junos MPLS and VPNs
Step 3.4
Verify the status of the Layer 2 CE device using the show bridge domain
command.
Question: Have the three interfaces been applied to

the correct routing instance and bridge domain?
Part 4: Configuring an LDP VPLS Instance
In this lab part, you will configure an LDP VPLS instance. You will include the
CE router-facing interface within this instance.
Step 4.1
Configure ge-1/0/6 interface to be used as the CE router-facing interface for the
VPLS.
Step 4.2
Navigate to the hierarchy. Create a new VPLS
instance named vpn1.
Step 4.3
Navigate to the vpn1 hierarchy. Add the
ge-1/0/6 interface to the routing instance.
Step 4.4
Create an LDP VPLS using a VPLS ID of 100 and specify the remote PE router as the
neighbor. Commit your configuration and exit to operational mode.
Step 4.5
Check the status of the VPLS connection using the show vpls connections
command.
Question: Has a VPLS pseudowire been established

to the remote PE router?
Question: What does the legend suggest the current

state might be? What is the solution to the
problem?

Junos MPLS and VPNs
Step 4.6
tunnel services on FPC slot 1, PIC slot 0 at a bandwidth of 1 Gbps. Commit your
Step 4.7
extensive command. Ensure that the remote group has completed the previous
step of the lab.

Question: Which transmit and receive labels have

been reserved for the VPLS?
Question: Which local interfaces are listed as

participating in the VPLS?
Step 4.8
Step 4.9
Verify that you have connectivity from the local customer router to the remote
customer router through the VPLS by using the ping utility. You will ping the remote
customer router’s ge-1/1/4 address. You will send five packets for this test.
Answer: Yes, they should all complete. If they do not,

please review your configuration and request
assistance from your instructor, if needed.
Step 4.10

Junos MPLS and VPNs
Step 4.11
Use the show vpls statistics command to view details of traffic that has
traversed the VPLS.
Question: How many broadcast packets have been

received on the ge-1/0/6 interface? Can you think
of a reason why the PE router has received a
broadcast packet?
Step 4.12
Use the show vpls mac-table command to determine whether the PE router
has learned any MAC addresses. You might need to issue another ping from the
local customer router to allow for the PE router to learn MAC addresses.
Question: Of the MAC addresses that have been

learned, which one is owned by the local customer
router and which one is owned by the remote
customer router?
Part 5: Using MSTP to Prevent a Layer 2 Loop in a VPLS
In this lab part, you will add an extra interface for redundancy between the PE and
CE routers that will cause a Layer 2 loop to form. To ensure that only one interface is
learning and forwarding at any one time, you will configure Multiple Spanning Tree
Protocol (MSTP) between the PE and CE routers using a Layer 2 control instance on
the PE router.
Step 5.1
Configure the ge-1/0/7 interface to be used as the CE router-facing interface for the
VPLS. Remember that you have already added the peer interface to the CE router
(ge-1/1/7).
Step 5.2
Navigate to the hierarchy. Add the ge-1/0/7
interface to the VPLS. Commit your configuration and exit to operational mode.
Step 5.3
Be aware that you have now created a Layer 2 loop between the PE and CE routers!
Verify with the show vpls connections extensive command that the new
interface has been added to the VPLS.

Junos MPLS and VPNs
Question: Which interfaces are now listed as
Step 5.4
Step 5.5
Verify that a Layer 2 loop is in the network by issuing a ping to the broadcast address
for the CE to PE subnet. Attempt to ping 5 times. For example, if you are operating
mxB-1, you would issue the command ping 10.0.20.255 count 5.
Question: Based on the results of the ping, does

there appear to be a Layer 2 loop in the network?
Step 5.6
Step 5.7
hierarchy. Create a new Layer 2 control instance named vpn1-l2control.
Step 5.8
In the vpn1-l2control instance, configure MSTP to run on the ge-1/0/6 and
ge-1/0/7 interfaces. Set the MSTP configuration name to vpn1 and the revision
level to 1.
Step 5.9
In the ce-vs virtual switch instance, configure MSTP to run on the ge-1/1/6 and
ge-1/1/7 interfaces. Set the MSTP configuration name to vpn1 and the revision
level to 1. Commit your configuration and exit to operational mode.
Step 5.10
Use the show spanning tree interface for both the virtual switch and the
Layer 2 control instance to determine which interfaces are in the (forwarding)
state and which interfaces are in the (blocking) state.
Question: Are there any interfaces currently in the

blocking state?

Junos MPLS and VPNs
Question: Does a Layer 2 loop exist between the PE
and CE routers?
Step 5.11
Step 5.12
Verify that a Layer 2 loop has been removed from the network by issuing a ping to
the broadcast address on the PE-CE link.

Step 5.13
Part 6: Adding a Subinterface to the Customer Router
In this lab part, you will add a new subinterface to ge-1/1/4 interface as shown in
the lab diagram. These changes will be made so the local customer router can be
used to generate ping traffic for testing the BGP VPLS.
Step 6.1
customer-router-name hierarchy. Configure the appropriate
interface properties for the ge-1/1/4 interface as found on the lab diagram.
Part 7: Configuring the Virtual Switch Instance
In this lab part, you will configure the virtual switch to have a another subinterface
that connects to the customer virtual router and two interfaces that connect to the
PE router. Use the lab diagram to see the intended connectivity.

Junos MPLS and VPNs
Step 7.1
Navigate to the hierarchy and configure the three Layer 2
interfaces that will be used by the virtual switch. Make sure to specify an
encapsulation of at the physical interface level
and an encapsulation of at the subinterface level.
Step 7.2
Navigate to the hierarchy and configure
a bridge domain named vlan_vlan-id using the appropriate VLAN ID. Add the
three Layer 2 interfaces to the new bridge domain. Commit your configuration and
Step 7.3
Verify the status of the Layer 2 CE device using the show bridge domain
command.
Question: Have the three interfaces been applied to

the correct routing instance and bridge domain?
Part 8: Configuring a BGP VPLS with Redundant Links between CE and PE Routers
In this lab part, you will configure a BGP VPLS instance. You will include the
ge-1/0/8 and ge-1/0/9 CE router-facing interfaces within this instance. To prevent a
Layer 2 loop from forming, your will use the command.
Step 8.1
hierarchy. Configure a IBGP peer group called my-int-group. Use your router’s
loopback address as the source address of all IBGP packets. Finally, configure your
router to peer with the remote PE router.
Step 8.2
Configure your PE router to PE router BGP session to support .
Step 8.3
Navigate to the hierarchy. Configure the ge-1/0/8 and
ge-1/0/9 interfaces to be used as the CE router-facing interfaces for the VPLS.
Step 8.4
Navigate to the hierarchy. Create a new VPLS
instance named vpn2.
Step 8.5
Navigate to the vpn2 hierarchy. Add the
ge-1/0/8 and ge-1/0/9 interfaces to the routing instance.

Junos MPLS and VPNs
Step 8.6
Configure a route target community for the VPLS. Use the following table as your
guide for configuring your target communities in this part of the lab.

A target:65512:100
B target:65512:200
C target:65512:300
D target:65512:400
Step 8.7
Configure a route distinguisher for the VPLS. Use the following table as your guide
for configuring a route distinguisher in this part of the lab.
Router Route
Distinguisher
mxA-1 193.168.1.1:1
mxA-2 193.168.1.2:1
mxB-1 193.168.2.1:1
mxB-2 193.168.2.2:1
mxC-1 193.168.3.1:1
mxC-2 193.168.3.2:1
mxD-1 193.168.4.1:1
mxD-2 193.168.4.2:1
Step 8.8
Create a BGP VPLS. Use the following table to complete the configuration. Commit
Router Site Site ID

Name
mxA-1 site1 1
mxA-2 site2 2
mxB-1 site1 1
mxB-2 site2 2

Junos MPLS and VPNs
Router Site Site ID

Name
mxC-1 site1 1
mxC-2 site2 2
mxD-1 site1 1
mxD-2 site2 2
Step 8.9
Step 8.10
Verify that a Layer 2 loop is in the network by issuing a ping to the broadcast address
for the CE to PE subnet. Attempt to ping 5 times. For example, if you are operating
mxB-1, you would issue the ping 10.0.21.255 count 5 command.

Step 8.11
Step 8.12
Enter configuration and mode and navigate to the
vpn2 hierarchy. To prevent that loop, configure the ge-1/0/8 interface as the
active-interface for the site. Commit your configuration and exit to operational mode.
Step 8.13
extensive command. Ensure that the remote group has completed the previous
step of the lab.

Question: What local interfaces are listed as


Junos MPLS and VPNs
Question: Can you tell from the output of the
command which CE router-facing interface is
currently active?
Step 8.14
View the vpn2 routing table by using the show route table vpn2
extensive command. Analyze the route that was received from your remote
neighbor.
Question: What is the Site ID, Label Offset, Label

Base, and Range of the label block advertised by
your remote neighbor?
Step 8.15
Step 8.16
Verify connectivity from the local customer router to the remote customer router
through the VPLS by using the ping utility. You will ping the remote customer
router’s ge-1/1/4 address. You will send five packets for this test.
Step 8.17
Step 8.18
Question: Which CE router-facing interface is being

used for forwarding in the vpn2 routing instance?

Junos MPLS and VPNs
Step 8.19
Enter configuration mode and disable the ge-1/0/8 interface. Commit your
Step 8.20
extensive command.
Question: Can you tell from the output of the

command which interface is being used for learning
and forwarding between the PE and CE routers?
Step 8.21
Step 8.22
Verify that you have connectivity from the local customer router to the remote
customer router through the VPLS by using the ping utility. Ping the remote customer
router’s ge-1/1/4 address. Send five packets for this test.
Step 8.23
Step 8.24
Question: Which CE router-facing interface is being

used for forwarding?

Junos MPLS and VPNs
Step 8.25

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Lab
Carrier-of-Carriers VPNs
Overview
In this lab you, will establish a BGP virtual private LAN service (VPLS) between two
provider edge (PE) routers that belong to different autonomous systems (ASs).
Carrier-of-carriers virtual private networks (VPNs) option C will be used to provide the PE
to PE VPLS signaling and forwarding plane. You must also configure a Layer 3 VPN from
the provider PE routers to pass customer internal routes between ASs. You will also use
address family when passing routes between the provider PE router
and the customer CE routers. Finally, you will configure the customer CE routers to pass
any learned routes from the provider (remote customer site routes) to the customer
PE router using the address family.
your baseline core configuration including OSPF and BGP.
• Configure a logical system to generate traffic from the subscriber sites.
• Configure a Layer 3 VPN between the provider PE routers and configure an
multiprotocol EBGP session with the customer CE router using the
address family.
• Configure a bidirectional LSP between the provider PE routers and between the
customer PE and CE.
• Configure an IBGP session between the customer CE and PE using the
address family.
• Configure a multihop EBGP session between the customer CE routers using the
address family.
• Configure a BGP VPLS to provide connectivity between the subscriber
CE routers.
ping and commands used to examine routing tables, and PE-PE BGP
announcements.
www.juniper.net Carrier-of-Carriers VPNs • Lab 13–1

Junos MPLS and VPNs
baseline configuration and then enable Resource Reservation Protocol (RSVP) and
multiprotocol label switching (MPLS) on the core-facing interfaces, configure
MP-BGP, and configure a route-distinguisher ID.
Note
device.
Step 1.1
necessary.
Step 1.2

Step 1.3
Lab 13–2 • Carrier-of-Carriers VPNs www.juniper.net

Junos MPLS and VPNs
Step 1.4
Step 1.5

for you?
Step 1.6

neighbors?
Step 1.7
remote PE router.

Question: Which address family has been

negotiated for the BGP session? Which type of
routes can be advertised between the two PE
routers?
Step 1.8

Junos MPLS and VPNs
Step 1.9
Step 1.10
Configure the RSVP protocol on the core-facing interfaces.
Step 1.11
Step 1.12
Step 1.13

Step 1.14
router.



Junos MPLS and VPNs
Part 2: Establishing an RSVP-Signaled LSP Between PE Routers
In this lab part, you will use RSVP to signal an LSP to the remote PE router through
the core network. You will verify that the RSVP LSP is established and the RSVP route
is installed in your routing table.
Step 2.1
hierarchy. Create a to your remote peer’s loopback
address. Use the table below to determine the name of your LSP. Verify that the
configuration looks correct. Commit and exit to operation mode when you are
satisfied with the changes.
Router LSP
Name
mxA-1 lsp1
mxA-2 lsp2
mxB-1 lsp1
mxB-2 lsp2
mxC-1 lsp1
mxC-2 lsp2
mxD-1 lsp1
mxD-2 lsp2
Step 2.2
Verify that the LSP has been established and is ready for use.
Step 2.3
Verify that the routing table has been created and contains the RSVP route
to the remote PE router.
Question: Do you see the RSVP route to the remote


Junos MPLS and VPNs
Part 3: Configuring the Subscriber CE Router Properties
In this lab part, you will create a logical router on your device. This logical router will
act as the subscriber CE router and will be used for testing connectivity between
sites.
Step 3.1
Familiarize yourself with the Lab network diagram. Notice that there is a provider AS,
two customer ASs, and two subscriber CE routers.
Question: What are the names of the two provider

PE routers?
Question: What are the names of the customer PE

routers in the customer autonomous systems?
Question: What are the names of the customer CE

routers in the customer autonomous systems?
Question: What are the names of the two subscriber

routers?
Step 3.2
Configure the ge-1/1/6 interface to support vlan-tagging.
Step 3.3
Navigate to the s-ce-name
hierarchy and configure the ge-1/1/6 using the properties specified on the lab
diagram. Commit your configuration and exit to operational mode.
Step 3.4
Verify that the ge-1/1/6 interface is operational and configured with the correct
properties by viewing the routing table of the subscriber CE router.

Junos MPLS and VPNs
Question: Can the 10.0.51.0/24 subnet be found in
the subscriber CE router’s routing table?
Part 4: Configuring a Layer 3 VPN on the Provider PE Routers
In this lab part, you will configure a Layer 3 VPN routing instance on the provider
PE router. You will include the customer CE-facing interface within this instance. You
will also configure an MP-EBGP session with the customer CE router using the
address family.
Step 4.1
Configure the ge-1/0/4 interface (with no VLAN tagging) to be used as the CE-facing
interface for the Layer 3 VPN. Be sure to enable this interface for MPLS forwarding
because it will be sending and receiving labeled packets.
Step 4.2
Navigate to the hierarchy. Create a new Layer 3
VPN instance named vpn-to-extend-lsp.
Step 4.3
Navigate to the
hierarchy. Add the ge-1/0/4 interface to the routing instance and specify a route
target community for this VRF. Use the following table as your guide for configuring
your target communities in this part of the lab.

A target:65512:100
B target:65512:200
C target:65512:300
D target:65512:400
Step 4.4
Within the vpn-to-extend-lsp routing instance, create a BGP group called
customer. Configure an MP-EBGP session using the address
family between the provider PE router and your customer CE router. Remember that
the session will not establish because you have not configured the customer CE
router yet. Commit your configuration so far.
Question: Did the configuration commit without any

errors? If not, what errors were reported?

Junos MPLS and VPNs
Step 4.5
Navigate to the hierarchy. Configure the ge-1/0/4 interface
to run the MPLS protocol. Commit your configuration so far.
Question: Did the configuration commit without any

errors?
Part 5: Configuring the Customer CE Logical System
In this lab part, you will use the logical system feature of the Junos OS to represent
the customer CE router. You will configure the customer CE router to have an
MP-IBGP session with the customer PE router and MP-EBGP session with the
provider PE router using the address family. You will also
configure an MPLS LSP to the customer PE router using LDP.
Step 5.1
Navigate to the c-ce-name hierarchy. Configure
the ge-1/1/4 and ge-1/0/5 interfaces (with no VLAN tagging). Be sure to enable
these interfaces for MPLS forwarding because they will be sending and receiving
labeled packets.
Step 5.2
Configure interface lo0.1 with the IP address listed on the lab diagram.
Step 5.3
Navigate to the c-ce-name
hierarchy. Configure the AS number for the customer CE router.
Step 5.4
hierarchy. Configure ge-1/0/4 and ge-1/0/5 to run the MPLS protocol.
Step 5.5
Configure ge-1/0/5 to run the LDP protocol.
Step 5.6
Configure OSPF (Area 0) on the lo0.1, ge-1/1/4 (passive), and ge-1/0/5 interfaces.
Step 5.7
Create a BGP group called int. Configure an MP-IBGP session using the
address family between the customer CE router and the
customer PE router. Remember that the session will not establish because you have
not configured the customer PE router yet.

Junos MPLS and VPNs
Step 5.8
Create a BGP group called ext. Configure an MP-EBGP session using the
address family between the customer CE router and the
provider PE router.
Step 5.9
hierarchy. Create a policy named internals, which will be used to advertise all of
the loopback addresses from the local customer AS.
Step 5.10
hierarchy. Apply the internals policy as an export policy to the provider PE
neighbor. Commit your configuration and exit to operational mode.
Step 5.11
the customer CE router logical system.
Step 5.12
Use the show mpls interface command to verify that MPLS has been
enabled on the correct interfaces on the customer CE router.
Question: Do the ge-1/0/5 and ge-1/1/4 interfaces

currently have MPLS enabled?
Step 5.13
Use the show ldp interface command to verify that LDP has been enabled on
the correct interfaces on the customer CE router.
Question: Does the ge-1/0/5 interface currently

have LDP enabled?
Step 5.14
Use the show ospf interface command to verify that OSPF has been enabled
on the correct interfaces on the customer CE router.
Question: Do the ge-1/0/5, ge-1/1/4, and lo0

interfaces currently have OSPF enabled?

Junos MPLS and VPNs
Step 5.15
Use the show bgp summary command to verify that a BGP neighbor relationship
has been established with the provider PE router.
Question: Is your BGP peering session with the

provider PE router established?
Step 5.16
Use the show route advertising-protocol bgp p-pe-address
command to verify that the customer CE router is advertising its loopback address to
the provider PE router. Remember that it will not advertise the customer PE router’s
loopback until the customer PE router is configured. You will configure the customer
PE router in the next part of the lab.
Question: Is the customer CE router’s loopback

address being advertised to the provider PE router?
Step 5.17
default routing instance (your provider PE router).

Junos MPLS and VPNs
Part 6: Configuring the Customer PE Logical System
In this lab part, you will use the logical system feature of the Junos OS to represent
the customer PE router. You will configure the customer PE router to have an
MP-IBGP session with the customer CE router using the
address family. You will also configure an MPLS LSP to the customer CE router using
LDP.
Step 6.1
c-pe-name hierarchy. Configure the ge-1/1/5 interface (with no VLAN tagging).
Be sure to enable this interface for MPLS forwarding because it will be sending and
receiving labeled packets.
Step 6.2
Configure interface lo0.2 with the IP address listed on the lab diagram.
Step 6.3
Navigate to the c-pe-name
hierarchy. Configure the AS number for the customer PE router.
Step 6.4
hierarchy. Configure ge-1/1/5 to run the MPLS protocol.
Step 6.5
Configure ge-1/1/5 to run the LDP protocol.
Step 6.6
Configure OSPF (Area 0) on the lo0.2 and ge-1/1/5 interfaces.
Step 6.7
Create a BGP group called int. Configure an MP-IBGP session using the
address family between the customer PE router and the
customer CE router. Commit your configuration and exit to operational mode.
Step 6.8
the customer PE router logical system.
Step 6.9
Use the show mpls interface command to verify that MPLS has been
enabled on the correct interfaces on the customer PE router.
Question: Does the ge-1/1/5 interface currently

have MPLS enabled?

Junos MPLS and VPNs
Step 6.10
Use the show ospf neighbor command to verify that an OSPF adjacency exists
with the customer CE router.
Question: Is the ospf neighbor relationship with the

customer CE in the state?
Step 6.11
Use the show ldp database command to verify that LSPs have been created to
and from the customer CE router.
Question: Are there LSPs established to and from

the customer CE router?
Step 6.12
Use the show bgp summary command to verify that a BGP neighbor relationship
has been established with the customer CE router.
Question: Is your BGP peering session with the

provider CE router established?
Part 7: Placing IBGP Learned Routes in inet.3
In this lab part, you will analyze the BGP routes that have been learned by the
customer PE router (originated in remote AS). You will ensure that these routes can
be used for the BGP next-hop recursive lookup for Layer 2 VPN NLRI that will be
advertised in the next part of the lab.
Step 7.1
Use the show route protocol bgp command to view the BGP routes that
have been learned from the remote autonomous system.
Question: In which routing table are the received

BGP routes currently being stored?

Junos MPLS and VPNs
Question: Does a BGP route exist in the

table that represents the loopback address of the
remote customer PE router?
Question: In the next part of the lab, from the local

customer PE router, you will establish a multihop
Layer 2 VPN MP-BGP session with the remote
customer PE router using loopback addresses for
peering. What will be the BGP next hop advertised
in any BGP update message received from the
remote customer PE router?
Question: For the BGP next hop of any MP-BGP VPN

routes received from the remote customer PE router
to be usable, where must the route to the next hop
exist?
Question: You learned in the output of the

command that the local customer PE router is
placing the learned BGP routes in . What
must you do to have it put the routes in
also?
Step 7.2
Configure the option for the address family.
Step 7.3
Use the show route protocol bgp command to view the BGP routes that
have been learned from the remote AS.
Question: In which routing tables are the received

BGP routes currently being stored?

Junos MPLS and VPNs
Part 8: Configuring a BGP VPLS Between Customer PE Routers
In this lab part, you will create a BGP VPLS between PE routers in two different ASs.
You will configure a multihop MP-EBGP session with the remote PE router using the
address family.
Step 8.1
Step 8.2
tunnel services on FPC 1 PIC 0 at speed of 1 g.
Step 8.3
hierarchy. Create a BGP group called ext. Configure a multihop EBGP session with
the remote customer PE router using loopback addresses for peering and the
address family.
Step 8.4
Navigate to the hierarchy. Configure the ge-1/0/6 to allow
for and an encapsulation of . Do not specify any
logical interface properties at this hierarchy.
Step 8.5
hierarchy. Configure ge-1/0/6 interface to be used as the subscriber CE
router-facing interface for the VPLS.
Step 8.6
hierarchy. Create a new VPLS instance called vpn1.
Step 8.7
vpn1 hierarchy. Add the ge-1/0/6 interface to the
routing instance.
Step 8.8
Configure a route target community for the VPLS. Use the following table as your
guide for configuring your target communities in this part of the lab.

Junos MPLS and VPNs

A target:65101:100
B target:65201:200
C target:65301:300
D target:65401:400
Step 8.9
Configure a route distinguisher using the loopback of the customer PE router. Use
the following table as your guide for configuring a route distinguisher in this part of
the lab.
Router Route
Distinguisher
mxA-1 193.168.11.3:1
mxA-2 193.168.11.4:1
mxB-1 193.168.12.3:1
mxB-2 193.168.12.4:1
mxC-1 193.168.13.3:1
mxC-2 193.168.13.4:1
mxD-1 193.168.14.3:1
mxD-2 193.168.14.4:1
Step 8.10
Create a BGP VPLS. Use the following table to complete the configuration. Commit
Router Site Site ID

Name
mxA-1 site1 1
mxA-2 site2 2
mxB-1 site1 1
mxB-2 site2 2
mxC-1 site1 1
mxC-2 site2 2

Junos MPLS and VPNs
Router Site Site ID

Name
mxD-1 site1 1
mxD-2 site2 2
Step 8.11
extensive logical-systems c-pe-name command. Ensure that the
remote group has completed the previous step of the lab.

to the remote customer PE router?
Step 8.12
the subscriber CE router logical system.
Step 8.13
Verify that you have connectivity from the local subscriber CE router to the remote
subscriber CE router through the VPLS by using the ping utility. You will ping the
remote subscriber CE router’s ge-1/1/6 address. Send 5 packets for this test.
Step 8.14
Step 8.15

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Lab
MVPN
Overview
In this lab, you will establish a multicast layer 3 VPN (MVPN) between provider edge (PE)
routers. You will configure both inclusive and selective provider tunnels using the point to
multipoint (P2MP) version of both Resource Reservation Protocol (RSVP) and Label
Distribution Protocol (LDP).
your baseline core configuration including OSPF and BGP. The baseline also
contains a logical router configuration that represents all of the other routers in
the diagram (p1, p2, pe2, pe3, ce2, and ce3).
• Configure a Layer 3 VPN which will provide connectivity between the source
server, ce2, and ce3.
• Enable the Protocol Independent Multicast (PIM) for the VPN.
• Configure an inclusive provider tunnel that uses a P2MP RSVP-signaled label
switched path (LSP) in the data plane using the default template.
• Configure a non-default template for the P2MP LSP.
• Configure the selective provider tunnel to use LDP-signaled LSPs instead of
RSVP-signaled LSPs and analyze the differences between selective and
inclusive tunnels.
www.juniper.net MVPN • Lab 14–1

Junos MPLS and VPNs
Part 1: Creating the Baseline SP Network and Enabling PE for Layer 3 MVPN Signaling
baseline configuration and then enable RSVP, LDP, and multiprotocol label switching
(MPLS) on the core-facing interfaces. You will then configure MP-BGP, and a
route-distinguisher ID.
Note
device.
Step 1.1
necessary.
Step 1.2

Step 1.3
Lab 14–2 • MVPN www.juniper.net

Junos MPLS and VPNs
Step 1.4
configuration mode and load the reset configuration file jmv/
lab14-start.config and commit.
Step 1.5

for you?

BGP peer group? Which routers in the network is
Step 1.6

neighbors?
Step 1.7
remote PE routers.
Question: Are the neighbor relationships in the

established state with the remote PE routers?


Junos MPLS and VPNs
Step 1.8
hierarchy and enable on the core-facing
interface.
Step 1.9
on the core-facing interface.
Step 1.10
Configure the RSVP protocol on the core-facing interface.
Step 1.11
Configure the LDP protocol on the core-facing interface.
Step 1.12
For PIM to perform properly, the remote sites must learn a route to the source of the
multicast traffic. In this lab, you will exchange IPv4 unicast routes (using the L3VPN)
to provide the underlying routing that allows PIM to determine the best path to the
source.
To allow for the exchange of Layer 3 VPN unicast routes, enable the inet-vpn unicast
network layer reachability information (NLRI) for your PE router’s BGP session with
the remote PE routers.
Step 1.13
To allow for the PE routers to exchange MVPN membership and discovery
information, enable the inet-mvpn signaling network layer reachability information
(NLRI) for your PE router’s BGP session with the remote PE routers.
Step 1.14
Step 1.15
core-facing interface.
Question: Can your core-facing interface now

Step 1.16
Use the show ldp database to see if LDP LSPs have been established to both of
the remote PEs.

Junos MPLS and VPNs
Question: Have LDP LSPs been established to pe2
and pe3?
Step 1.17
routers.
Question: Are the neighbor relationships in the

established state with the remote PEs?

Part 2: Verifying Remote CE Router Configuration
In this lab part, you will view the configuration for a CE router (logical system) that
was preconfigured as part of the loaded starting configuration in Part 1 of this lab.
Step 2.1
the ce2 router logical system.
Step 2.2
router.


Junos MPLS and VPNs
Question:
What protocols have been configured on the CE
router?
Answer:
Question: What multicast groups should the CE

router be attempting to join?
Question: Which router will be the rendezvous point

(RP) for the customer’s VPN? You may need to look
at the lab diagram.
Step 2.3
Issue the show ospf neighbor command to determine the state of the ce2
router’s OSPF neighbors.
Question: Has the ce2 router established an OSPF

adjacency with the neighboring PE router?
Step 2.4
Issue the show pim join command to determine if the ce2 router is currently
sending PIM joins for the two multicast groups.
Question: Has the ce2 router attempted to join the

two multicast groups? Why do you think that is the
case?
Question: In a PIM sparse mode network (when the

source is unknown), in what direction will a router
send a PIM join when attempting to join a multicast
group?

Junos MPLS and VPNs
Step 2.5
Issue the show pim rps command to ensure that the ce2 router is aware of the IP
address of the RP.
Question: Is the ce2 router aware of the IP address

of the RP?
Step 2.6
Issue the show route 193.168.1.11 command to verify that the ce2 router has
learned a route to the RP.
Question: Has the ce2 router learned a route to the

RP? Why is this significant?
Step 2.7
Issue the show route protocol ospf command to determine what OSPF
routes that the ce2 router has learned so far.
Question: What destination has ce2 router learned

by the OSPF protocol?
Question: What do the results of the command tell

your about the relationship between the pe2 and
pe3 routers?
Step 2.8
hierarchy. Disable IGMP on the ge-1/0/5.0 interface. Commit your configuration and
Step 2.9
Verify that the ce2 router is no longer attempting to find an upstream interface to
send a PIM (*,G) join by issuing the show pim join command.
Question: Is the ce2 router attempting to find an

upstream interface for any multicast group?

Junos MPLS and VPNs
Step 2.10
the pe2 router logical system.
Step 2.11
Issue the show configuration routing-instances command to view the VRF
configuration for the pe2 router.
Question: Which type of routing instance is

preconfigured?
Question: What is the name of the export policy that

is applied to the OSPF protocol? What do you think
it accomplishes?
Question: What is the significance of the

setting for the mvpn protocol?
Question: What is the significance of the

setting for the mvpn protocol?
Step 2.12
The ce3 and pe3 routers are in a similar state to ce2 and pe2, respectively.
Optionally, verify the state of the pe3 and ce3 routers before moving on to the next
part.
Step 2.13
Part 3: Configuring the PE to Source Interface
In this lab part, you will configure the PE to source interface. You will verify
reachability using the ping utility.

Junos MPLS and VPNs
Step 3.1
Configure the appropriate ge-1/0/0 interface properties found on the lab diagram.
Commit your changes and exit to operational mode to verify reachability to the
multicast sources.
Step 3.2
Verify reachability to the multicast sources using the ping utility with a value
of 3. Use the following table to determine the multicast sources for your router.
Router Multicast Sources

mxA-1 10.0.101.2,
10.0.101.3
mxA-2 10.0.102.2,
10.0.102.3
mxB-1 10.0.103.2,
10.0.103.3
mxB-2 10.0.104.2,
10.0.104.3
mxC-1 10.0.105.2,
10.0.105.3
mxC-2 10.0.106.2,
10.0.106.3
mxD-1 10.0.107.2,
10.0.107.3
mxD-2 10.0.108.2,
10.0.108.3
Question: Do your ping complete?
Step 3.3
At this point in the lab, the multicast sources should be sending multicast traffic.
Issue the show multicast usage command to determine if you are receiving
multicast traffic.
Question: What are the results of the command?

Can you tell if the pe1 router is receiving multicast
data?

Junos MPLS and VPNs
Step 3.4
Issue the clear interface statistics all command to set all interface
statistics to zero.
Step 3.5
Issue the show interfaces ge-1/0/0 extensive | find multicast
command to determine if the ge-1/0/0 interface has received any multicast data.
Question: Is the pe1 router receiving multicast

packets on the ge-1/0/0 interface?
route target community to the VPN. You will include your source-facing interface
within this instance.
Step 4.1
Configure the loopback interface for the VRF with the appropriate IP addressing.
Step 4.2
Navigate to the hierarchy. Create a new VPN
routing and forwarding (VRF) instance named vpn1.
Step 4.3
Navigate to the hierarchy. Configure your
route target. The route target for vpn1 is .
Step 4.4
Include the CE facing interface in your VRF instance.
Step 4.5
Include the lo0.11 interface in your VRF instance.
Step 4.6
Configure the option for your VRF instance.
Step 4.7

Junos MPLS and VPNs
Step 4.8
direct routes for your CE facing interface as well as the routes learned from the
remote sites. You can accomplish this by issuing the show route table vpn1
command.
Question: Do you see all of the routes from the

remote sites?
Step 4.9
command to view the routes that you are advertising to the remote sites.
Question: Which routes are being advertised to the

remote sites by the pe1 router?
Question: Why is it so important for the remote sites

to learn these two routes?
Step 4.10
Step 4.11
Issue the show route command to determine if the ce2 router has learned routes
to both the RP and the multicast sources.
Question: Has the ce2 router learned routes to both

the RP and multicast sources?
Step 4.12
Step 4.13
Issue the show route command to determine if the ce3 router has learned routes
to both the RP and the multicast sources.

Junos MPLS and VPNs
Question: Has the ce3 router learned routes to both
the RP and multicast sources?
Step 4.14
Part 5: Configuring the MVPN using Inclusive RSVP-signaled P2MP LSP
In this lab part, you will enable the MVPN such that multicast is delivered to the
remote sites over an RSVP-signaled P2MP provider tunnel.
Step 5.1
hierarchy. Create an LSP template called p2mp-template that will support a
bandwidth of 200M.
Step 5.2
Navigate to the hierarchy. Enable the PIM
protocol (sparse mode) on all interfaces of the VRF.
Step 5.3
Configure pe1 to be the RP (using lo0.11 address) for the customer’s PIM domain.
Step 5.4
Under the MVPN protocol, enable this site to only be a sender site. Also, enable the
MVPN to operate in shortest path tree only mode. Commit your configuration.
Question: Did your commit operation complete?

Why?
Step 5.5
Configure a provider tunnel that will use an RSVP-signaled P2MP LSP. Ensure that
the P2MP LSP uses the p2mp-template template that you configured earlier.
Step 5.6
Issue the show RSVP session command to verify that the P2MP LSP is established.
Question: Does the output show that the P2MP LSP

is established?

Junos MPLS and VPNs
Question: How many remote sites can be reached
from the P2MP LSP?
Question: What is the outbound label for each of

the RSVP sessions listed in the output of the
command?
Step 5.7
Issue the show multicast route instance vpn1 extensive command
to see if you router can forward the incoming multicast packets.
Question: You learned earlier that the pe1 router is

receiving multicast traffic on the ge-1/0/0
interface. Which multicast groups are these packets
destined for and at what rate are they being
received?
Step 5.8
Issue the show pim join instance vpn1 command to view the status of the
PIM forwarding tree.
Question: Is the pe1 router in the path of the PIM

shortest path forwarding tree?
Question: Why has the pe1 router not pruned the

upstream interface when it has not learned of any
interested receivers?
Step 5.9
Issue the show route table vpn1.mvpn.0 command to view the MP-BGP
MVPN routes that have been learned/created by the PE routers.
Question: Which routers have generated and

advertised the Type 1 MVPN routes? What do these
routes represent?
Question: Which routers have generated and

advertised the Type 5 MVPN routes? What do these
routes represent?

Junos MPLS and VPNs
Question:
Which routers have generated the Type 7 MVPN
routes? What do these routes represent?
Question: Why have the remote PE routers not

generated any type 7 routes?
Step 5.10
Issue the show route advertising-protocol bgp 193.168.1.4 command to
view the routes that the pe1 router is advertising to the remote PE routers.
Question: What MVPN routes are being advertised

to the remote PE routers?
Step 5.11
Step 5.12
Issue the show multicast route command to determine the type of multicast
packets that the ce2 router is currently forwarding.
Question: Is the ce2 router currently forwarding any

multicast packets?
Step 5.13
Enter configuration mode and delete the statement that you added to the
ge-1/0/5.0 interface earlier in the lab. View your configuration, commit your
configuration, and exit to operational mode.
Step 5.14
Issue the show pim join command to determine if the ce2 router is attempting
to join the PIM source tree for the two multicast groups.
Question: Has the ce2 router joined the PIM source

tree?
Step 5.15
Issue the show multicast route command to determine the type of multicast
packets that the ce2 router is currently forwarding.

Junos MPLS and VPNs
Question: Is the ce2 router currently forwarding any
multicast packets?
Step 5.16
Step 5.17
Issue the show route table vpn1.mvpn.0 command to seen if any new
MVPN routes have been learned from the remote PEs.
Question: Have any new routes been learned from

the remote PEs? Which routers are advertising the
new routes?
Question: Why do you think that the pe3 router has

not advertised any Type 7 routes?
Step 5.18
Step 5.19
Issue the show pim join command to see of the ce3 router has joined the PIM
source tree
Question: Has the ce3 router sent any PIM joins to

the pe3 router?
Question: Do you think the pe3 router is receiving

any multicast traffic from the sources attached to
pe1?
Step 5.20
Step 5.21
Issue the show multicast route extensive instance vpn1 command
to determine if the pe3 router is receiving any multicast traffic.

Junos MPLS and VPNs
Question: Is the pe3 router is receiving any
multicast traffic from the sources attached to pe1?
Why?
Part 6: Configuring a Selective Provider Tunnel
In this part of the lab, you will configure a selective provider tunnel (using an LDP
signaled P2MP LSP) that will deliver multicast traffic to only the interested receiving
sites.
Step 6.1
Step 6.2
Enter configuration and enable LDP for P2MP signaling.
Step 6.3
Navigate to the hierarchy. Configure a
LDP-signaled P2MP LSP-based selective provider tunnel for any group in the
224.8.8/24 range. Make sure to specify your router’s source for that group range.
Use the following table to determine the source’s address. Commit your
Router Multicast Group Multicast Source

mxA-1 224.8.8.1 10.0.101.3
mxA-2 224.8.8.2 10.0.102.3
mxB-1 224.8.8.3 10.0.103.3
mxB-2 224.8.8.4 10.0.104.3
mxC-1 224.8.8.5 10.0.105.3
mxC-2 224.8.8.6 10.0.106.3
mxD-1 224.8.8.7 10.0.107.3
mxD-2 224.8.8.8 10.0.108.3
Step 6.4
Issue the show ldp database command to determine if an LDP-signaled P2MP
LSP has been established.
Question: Has an LDP-signaled P2MP LSP been

established in the core network

Junos MPLS and VPNs
Question: What is the outbound label for the LDP
P2MP LSP?
Step 6.5
Issue the show rsvp session command again to determine the outbound label
for the RSVP P2MP LSP.
Question: What is the outbound label for the RSVP

P2MP LSP?
Step 6.6
Issue the show route table vpn1.inet.1 command to determine which
multicast groups will be forwarded using the RSVP or the LDP P2MP LSP.
Question: Which multicast groups will be forwarded

over the RSVP P2MP LSP?
Question: Which multicast groups will be forwarded

over the LDP P2MP LSP?
Question: Which type of multicast packets should

the pe2 router be receiving?
Question: Which type of multicast packets should

the pe3 router be receiving? Why?
Step 6.7
command to determine if any new routes have been advertised to the remote PE
routers.
Question: Which new type of route has been

advertised to the remote PEs? What is the route’s
purpose?
Step 6.8

Junos MPLS and VPNs
Step 6.9
Issue the show multicast route extensive command to determine which
multicast groups that the ce2 router is currently forwarding.
Question: To which groups and at what rate is ce2

forwarding multicast traffic?
Step 6.10
Step 6.11
Issue the show multicast route extensive instance vpn1 command
to determine if the pe3 router is receiving any multicast traffic.
Question: Is the pe3 router receiving any multicast

traffic from the sources attached to pe1? Which
groups are being received?
Step 6.12
Step 6.13
hierarchy. View the ce2 router’s IGMP configuration. Delete the disable statement
under the ge-1/0/4 interface. Commit your configuration and exit to operational
mode.
Question: How will the behavior of the ce3 router

change by deleting the statement?
Step 6.14
Issue the show pim join command to verify that the ce3 router is now sending
PIM joins for the multicast groups.
Question: Has the CE router joined the two

multicast groups?
Step 6.15
Issue the show multicast route extensive command to view the rate at
which multicast packets are being received by the ce3 router.

Junos MPLS and VPNs
Question: At what rate and which groups are
multicast packets being received?
Question: What does this tell you about the

LDP-signaled P2MP LSP?
Step 6.16
the p2 router logical system.
Step 6.17
Issue the show ldp database command to view the branches of the LDP
signaled P2MP LSP.
Question: What is the LSP ID of the P2MP LSP?
Question: Looking at the input LDP databases,

which routers are downstream routers along the
P2MP LSP?
Step 6.18
Step 6.19

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

Junos MPLS and VPNs

JMV 12.a High Level Lab Guide PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

JMV 12.a High Level Lab Guide PDF

Uploaded by

Copyright:

Available Formats

Junos MPLS and VPNs

HIGH LEVEL LAB GUIDE Revision 1'.a

EDU-JUN-JMV, Revision 1'.a

High-Level Lab Guide

Worldwide Education Services

1194 North Mathilda Avenue

Course Number: EDU-JUN-JMV

Lab 2: Label Distribution Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

Lab 3: CSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1

Lab 4: Traffic Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1

Lab 5: Fate Sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1

Lab 6: Miscellaneous MPLS Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1

Lab 8: Route Reflection and Internet Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1

Lab 9: GRE Tunnel Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1

Lab 10: BGP Layer 2 VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1

Lab 11: Circuit Cross-Connect and LDP Layer 2 Circuits . . . . . . . . . . . . . . . . . . . . . . . . . 11-1

Lab 12: VPLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12-1

Lab 14: MVPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14-1

www.juniper.net Course Overview • vii

viii • Course Overview www.juniper.net

www.juniper.net Course Overview • ix

x • Course Agenda www.juniper.net

www.juniper.net Course Agenda • xi

CLI and GUI Text

Style Description Usage Example

Input Text Versus Output Text

Style Description Usage Example

View configuration history by clicking

CLI Input Text that you must enter. show route

Defined and Undefined Syntax Variables

Style Description Usage Example

CLI Variable Text where variable value is my-peers

xii • Document Conventions www.juniper.net

Education Services Offerings

www.juniper.net Additional Information • xiii

www.juniper.net MPLS Fundamentals • Lab 1–1

Part 1: Configuring Network Interfaces and Baseline Protocols

Question: What is the management address

Lab 1–2 • MPLS Fundamentals www.juniper.net

Question: What are the and states for

Question: Does the routing table display an entry for

Question: Are any routes currently hidden?

www.juniper.net MPLS Fundamentals • Lab 1–3

Question: Are the ping tests successful?

Question: How many BGP neighbors does your

Question: Does your session show an

STOP Do not proceed until the remote team finishes Part 1.

Lab 1–4 • MPLS Fundamentals www.juniper.net

Part 2: Configuring Customer Edge Router and Network Interfaces

Question: Do you see any issues with the current

www.juniper.net MPLS Fundamentals • Lab 1–5

Question: Is your EBGP peering established

Question: Are you sending any routes from your CE

Lab 1–6 • MPLS Fundamentals www.juniper.net

Question: Why is the protocol (BGP) next hop for the

Question: Why is the route hidden?

Question: How do you fix this problem and get the

Question: Do you see the route now?

www.juniper.net MPLS Fundamentals • Lab 1–7

Question: Is the route present in your CE routing

STOP Do not proceed until the remote team finishes Part 2.

Part 3: Configuring a Static LSP Through the Core

Question: What are the routes that you see?

HIGH LEVEL LAB GUIDE Revision 1'.a