lab preparation workbook volume 1 (v1.1) - inetzero zero - jncie-sp workbook v1.0... · lab...

http://www.inetzero.com -‐ Copyright 2015 iNET ZERO. All rights reserved for personal non commercial use only – do not distribute

iNET ZERO JNCIE-SP Lab preparation workbook

volume 1 (v1.1) DEMO

For Juniper Networks, inc - JNCIE-SP Lab Exam 2015

http://www.inetzero.com -‐ Copyright 2015 iNET ZERO. All rights reserved For personal non commercial use only – do not distribute

JNCIE-‐SP workboo

k:

2

2 iNET ZERO lab preparation workbook for the JNCIE-‐SP Lab Exam – version 1.1

Copyright and licensing information This workbook, iNET ZERO's JNCIE-‐SP Lab Preparation Workbook, was developed by iNET ZERO. All rights reserved. No part of this publication may be reproduced or distributed in any form or by any means without the prior written permission of iNET ZERO a registered company in the Netherlands. This product cannot be used by or transferred to any other person. You are not allowed to rent, lease, loan or sell iNET ZERO training products including this workbook and its configurations. You are not allowed to modify, copy, upload, email or distribute this workbook in any way. This product may only be used and printed for your own personal use and may not be used in any commercial way. Juniper (c), Juniper Networks inc, JNCIE, JNCIP, JNCIS, JNCIA, Juniper Networks Certified Internet Expert, are registered trademarks of Juniper Networks, Inc.


JNCIE-‐SP workboo

k:

3


About iNET ZERO’s content developers and authors: Maxim Frolov

Maxim lives in Russia and speaks Russian and English. He started his networking career in 1999. Throughout the years Maxim has designed and implemented several large scale networks for enterprise and service provider customers. Over the years he has developed several high quality courseware materials for industry leading networking vendors. Maxim has the following certifications: JNCIE, JNCIP-‐ENT, JNCIS-‐SEC, Nortel NNCSS. For technology Max values efficiency and pragmatic design. When Max is not at work he likes to spend time with his family. Max enjoys being outside in the nature and loves to travel and exploring the world.

Jörg Buesink

Jörg lives in the Netherlands near Amsterdam and brings more than 10 years of experience in the IT and networking industry. He has worked for several large ISPs / service providers in the role of technical consultant, designer and network architect. He has extensive experience in network implementation, design and architecture and teached several networking classes. Jörg is triple JNCIE certified (JNCIE-‐ENT#21, JNCIE-‐SP#284 and JNCIE-‐SEC#30) as well as triple CCIE#15032 (Routing/ Switching, Service provider and Security), Cisco CCDE#20110002 certified, Huawei HCIE#2188 Routing and Switching.


JNCIE-‐SP workboo

k: Gen

eral inform

ation

4


General information

Rack rental service Did you know that this workbook can be used in combination with our premium JNCIE rack rental service? Take a look on our website for more information www.inetzero.com Warning: Please do NOT change the root account password for any of our devices to prevent unnecessary password recovery. Thank you for your cooperation

Target audience This workbook is developed for experienced network engineers who are preparing for the Juniper Networks JNCIE-‐SP lab exam. Although not required it is highly recommended that you have passed the JNCIS-‐SP and JNCIP-‐SP written exams before you start using this workbook. iNET ZERO’s JNCIE-‐SP preparation workbook is developed in such a way that we expect you to have theoretical knowledge about the JNCIE-‐SP lab exam blueprint topics (JNCIP-‐SP certified or working towards this certification). For example, in this workbook we will not explain what rib-‐groups, LSP’s or Multicast VPNs are. What we will do is test if you are able to configure all these technologies based on certain requirements and understand how they interact in a typical SP environment.

How to use this workbook We recommend that you start your JNCIE lab preparation with the workbook chapters only. Always take a note on the time spent for each chapter/ task to see if you improved once you go over the chapters again. Ensure that at least you go the workbook chapters twice before you start with the super lab. You are ready to try the Super Lab if you are able to configure the chapter's tasks without the need of the chapter's answers. The Super Lab must be completed within 8 hours.

Topology diagrams In the chapters you will find several topology diagrams in small format. In the appendix of this workbook you will find bigger versions of the topology diagrams for better readability. We recommend to print the topology diagrams.

iNET ZERO support Always feel free to ask us questions regarding the workbook or JNCIE rack rental. You can reach us at [email protected]. We love to hear from you regarding your preparation progress. Your feedback regarding our products is also very appreciated!


JNCIE-‐SP workboo

k: Tab

le of C

ontent

5


Table of Content

General information Rack rental service....................................................................................................................... Target audience........................................................................................................................... How to use this workbook........................................................................................................... iNET ZERO support....................................................................................................................... Chapter One: General System Features Task 1. Initial System Settings...................................................................................................... Task 2. SNMP Configuration......................................................................................................... Task 3. Firewall Filters.................................................................................................................. Task 4. Interface Configuration.................................................................................................... Task 5. Scripting........................................................................................................................... Chapter Two: IGP Configuration and Troubleshooting Task 1. OSPF Troubleshooting...................................................................................................... Task 2. ISIS Troubleshooting......................................................................................................... Task 3. IGP Rollout........................................................................................................................ Chapter Three: BGP and Routing Policy Task 1. IBGP and Confederation.................................................................................................... Task 2. EBGP Configuration........................................................................................................... Task 3. Routing Policies ................................................................................................................ Task 4. IBGP and Route Reflection................................................................................................ Chapter Four: MPLS Configuration Task 1. LDP Configuration............................................................................................................. Task 2. RSVP Configuration........................................................................................................... Task 3. RSVP Protection ................................................................................................................ Task 4. IPv6 Tunneling with 6PE ................................................................................................... Chapter Five: L3VPN Configuration Task 1. L3VPN Configuration......................................................................................................... Task 2. Multicast in L3VPN............................................................................................................ Task 3. IPv6 Tunneling with 6VPE.................................................................................................. Chapter Six: L2VPN and VPLS Configuration Task 1. L2VPN Configuration......................................................................................................... Task 2. VPLS Configuration............................................................................................................ Chapter Seven: Inter-‐provider VPN Configuration........................................................................ Task 1. Inter-‐provider VPN Option B............................................................................................. Task 2. Inter-‐provider VPN Option C............................................................................................. Chapter Eight: Class of Service Task 1. Forwarding Classes, Queues and Schedulers.................................................................... Task 2. Classification, Policing and Marking..................................................................................


JNCIE-‐SP workboo

k: Tab

le of C

ontent

6


Chapter Nine: A Full Day Lab Challenge Task 1: Initial System Configuration.............................................................................................. Task 2: Building the Network........................................................................................................ Task 3: IGP Configuration.............................................................................................................. Task 4: BGP Configuration............................................................................................................. Task 5: MPLS Configuration........................................................................................................... Task 6: VPN Configuration............................................................................................................. Task 7: Class of Service Configuration........................................................................................... Appendix 1: Additional Theory OSPF adjacency troubleshooting................................................................................................... BGP adjacency troubleshooting .................................................................................................... BGP IPV6 NLRI over IPV4 peering.................................................................................................. Troubleshooting: Multicast traffic engineering using RIB-‐groups ................................................. Advanced firewall filtering............................................................................................................. Appendix 2 : Topology diagrams Appendix -‐ Chapter One: General System Features Solution -‐ Task 1: Initial System Configuration.............................................................................. Solution -‐ Task 2. SNMP Configuration.......................................................................................... Solution -‐ Task 3. Firewall Filters................................................................................................... Solution -‐ Task 4. Interface Configuration..................................................................................... Solution -‐ Task 5. Scripting............................................................................................................. Appendix -‐ Chapter Two: IGP Configuration and Troubleshooting Solution -‐ Task 1. OSPF Troubleshooting....................................................................................... Solution -‐ Task 2: ISIS Troubleshooting.......................................................................................... Solution -‐ Task 3. IGP Rollout......................................................................................................... Appendix -‐ Chapter Three: BGP and Routing Policy Solution -‐ Task 1. IBGP and Confederation.................................................................................... Solution -‐ Task 2. EBGP Configuration........................................................................................... Solution -‐ Task 3. Routing Policies................................................................................................. Solution -‐ Task 4. IBGP and Route Reflection................................................................................ Verification.................................................................................................................................... Appendix -‐ Chapter Four: MPLS Configuration Solution -‐ Task 1. LDP Configuration............................................................................................. Solution -‐ Task 2. RSVP Configuration........................................................................................... Solution -‐ Task 3. RSVP Protection................................................................................................ Solution -‐ Task 4. IPv6 Tunneling with 6PE.................................................................................... Verification....................................................................................................................................


JNCIE-‐SP workboo

k:

7


Appendix -‐ Chapter Five: L3VPN Configuration Solution -‐ Task 1. L3VPN Configuration......................................................................................... Solution -‐ Task 2. Multicast in L3VPN............................................................................................ Solution -‐ Task 3. IPv6 Tunneling with 6VPE................................................................................... Verification...................................................................................................................................... Appendix -‐ Chapter Six: L2VPN and VPLS Configuration Solution -‐ Task 1. L2VPN Configuration.......................................................................................... Solution -‐ Task 2. VPLS Configuration............................................................................................. Verification..................................................................................................................................... Appendix -‐ Chapter Seven: Inter-‐provider VPN Configuration Solution -‐ Task 1. Inter-‐provider VPN Option B............................................................................... Solution -‐ Task 2. Inter-‐provider VPN Option C............................................................................... Verification...................................................................................................................................... Appendix -‐ Chapter Eight: Class of Service Solution -‐ Task 1. Forwarding Classes, Queues and Schedulers...................................................... Solution -‐ Task 2. Classification, Policing and Marking.................................................................... Verification...................................................................................................................................... Appendix -‐ Chapter Nine: A Full Day Lab Challenge Solution -‐ Task 1: Initial System Configuration................................................................................ Solution -‐ Task 2: Building the Network.......................................................................................... Solution -‐ Task 3: IGP Configuration................................................................................................ Solution -‐ Task 4: BGP Configuration............................................................................................... Solution -‐ Task 5: MPLS Configuration............................................................................................. Solution -‐ Task 6: VPN Configuration............................................................................................... Solution -‐ Task 7: Class of Service Configuration ............................................................................. Solution -‐ Route Reflector Configuration.........................................................................................

TOTAL 390+ PAGES!


JNCIE-‐SP workboo

k: Cha

pter One

: Gen

eral System Features

8


Chapter One: General System Features

TIP: Throughout the workbook before you begin a chapter, we recommend you to read the entire chapter before starting with the first task.

This chapter will focus on initial system configuration and general system features. You will configure various features, such as host names, management network access, management user authentication and authorization, NTP, SNMP, Syslog, RE protection firewall filters, network interfaces, and VRRP. You will be operating 8 devices R1 through R8 referred to as your routers in this workbook.

Figure 1


JNCIE-‐SP workboo

k: Cha

pter One

: Gen


9


Figure 2

.....

..... DEMO ..... .....


JNCIE-‐SP workboo

k: Cha

pter One

: Gen


10


Task 4. Interface Configuration In this task you are configuring the network interfaces, aggregated Ethernet interfaces and VRRP.

1) Build the network as shown in Figure 3. The interface parameters can be found in Table 1. Configure interfaces i1 and i4 on R1 and R2, and R5 and R6 to form an aggregated Ethernet bundle. Enable LACP continuity checking on the AE interface. Configure the logical interface descriptions.

Figure 3

NOTE: The interface unit numbers match the VLAN tags.

Table 1

Router Interface Interface Name IP Address IPv6 Address R1 i1 ge-‐0/0/1 802.3ad

i2 ge-‐0/0/4.114 172.30.0.5/30 i3 ge-‐0/0/4.118 172.30.0.9/30 link-‐local i4 ge-‐0/0/2 802.3ad ae0.0 172.30.0.1/30 link-‐local lo0.0 172.30.5.1/32 fd17:f0f4:f691:5::1/128

R2 i1 ge-‐0/0/1 802.3ad i2 ge-‐0/0/4.127 172.30.0.17/30 i3 ge-‐0/0/4.123 172.30.0.13/30 link-‐local i4 ge-‐0/0/2 802.3ad ae0.0 172.30.0.2/30 link-‐local


JNCIE-‐SP workboo

k: Cha

pter One

: Gen


11


lo0.0 172.30.5.2/32 fd17:f0f4:f691:5::2/128 R3 i1 ge-‐0/0/4.134 172.30.0.21/30 link-‐local

i2 ge-‐0/0/4.136 172.30.0.25/30 i3 ge-‐0/0/4.123 172.30.0.14/30 link-‐local i4 ge-‐0/0/4.200 172.30.1.1/24 i5 ge-‐0/0/4.201 172.30.2.1/24 lo0.0 172.30.5.3/32 fd17:f0f4:f691:5::3/128

R4 i1 ge-‐0/0/4.134 172.30.0.22/30 link-‐local i2 ge-‐0/0/4.114 172.30.0.6/30 i3 ge-‐0/0/4.145 172.30.0.29/30 link-‐local i4 ge-‐0/0/4.200 172.30.1.2/24 i5 ge-‐0/0/4.201 172.30.2.2/24 lo0.0 172.30.5.4/32 fd17:f0f4:f691:5::4/128

R5 i1 ge-‐0/0/1 802.3ad i2 ge-‐0/0/4.158 172.30.0.37/30 i3 ge-‐0/0/4.145 172.30.0.30/30 link-‐local i4 ge-‐0/0/2 802.3ad ae0.0 172.30.0.33/30 link-‐local lo0.0 172.30.5.5/32 fd17:f0f4:f691:5::5/128

R6 i1 ge-‐0/0/1 802.3ad i2 ge-‐0/0/4.136 172.30.0.26/30 i3 ge-‐0/0/4.167 172.30.0.41/30 link-‐local i4 ge-‐0/0/2 802.3ad ae0.0 172.30.0.34/30 link-‐local lo0.0 172.30.5.6/32 fd17:f0f4:f691:5::6/128

R7 i1 ge-‐0/0/4.178 172.30.0.45/30 link-‐local i2 ge-‐0/0/4.127 172.30.0.18/30 i3 ge-‐0/0/4.167 172.30.0.42/30 link-‐local lo0.0 172.30.5.7/32 fd17:f0f4:f691:5::7/128

R8 i1 ge-‐0/0/4.178 172.30.0.46/30 link-‐local i2 ge-‐0/0/4.158 172.30.0.38/30 i3 ge-‐0/0/4.118 172.30.0.10/30 link-‐local lo0.0 172.30.5.8/32 fd17:f0f4:f691:5::8/128

2) On R3 and R4 configure VRRP such as R3 is the VRRP master on i4 interface and R4 is the VRRP master on i5 interface. Use .254 Virtual Router IP address on the i4 and i5 subnets.

3) Make sure that R3 and R4 track their uplink interfaces i2 and i3 so that if both the interfaces go down the device resigns from its VRRP mastership.

4) Make sure that VRRP messages are authenticated with MD5. Use workbook as the authentication key.

.....

..... DEMO ..... .....

DEMO VERSION


JNCIE-‐SP workboo

k: Cha

pter Three

: BGP an

d Ro

uting Po

licy

12


Chapter Three: BGP and Routing Policy

In this chapter you will create the BGP network including IBGP with Route Reflection and Confederation, and multiple EBGP sessions with peers and customers emulating a typical ISP setup. You will also configure multiple routing policies to achieve high accuracy control over BGP routing exchange and path selection. .....

..... DEMO ..... .....

Task 2. EBGP Configuration In this task you configure IPv4 and IPv6 EBGP peering.

Figure 4

1) Configure the additional interfaces on your routers as indicated in Table 2. Configure the interface description.


JNCIE-‐SP workboo

k: Cha

pter Three

: BGP an

d Ro

uting Po

licy

13


Table 2

Router Interface Interface Name IP Address IPv6 Address R1 i5 ge-‐0/0/5.300 192.168.1.1/24 R2 i5 ge-‐0/0/5.300 192.168.1.2/24 R3 i6 ge-‐0/0/5.301 192.168.0.1/30 link-‐local

i7 ge-‐0/0/5.302 192.168.0.5/30 R5 i7 ge-‐0/0/5.303 192.168.0.9/30 IPv4 compatible/126

i8 ge-‐0/0/5.304 192.168.0.13/30 IPv4 compatible/126 R6 i5 ge-‐0/0/5.305 192.168.0.17/30

i6 ge-‐0/0/5.306 192.168.0.21/30 i7 ge-‐0/0/5.307 192.168.0.25/30

R7 i4 ge-‐0/0/5.308 192.168.0.29/30 fc09:c0:ffee::1/126 i5 ge-‐0/0/5.309 192.168.0.33/30

R8 i4 ge-‐0/0/5.310 192.168.0.37/30 fc09:c0:ffee::5/126

2) Configure IPv4 EBGP sessions as shown in Figure 4.

3) Ensure that all the EBGP session state changes are logged to syslog.

4) Make sure that both R1 and R2 peer with both IX-‐1 and IX-‐2 routers. The IX-‐1 peering address is 192.168.1.3 and IX-‐2 is 192.168.1.4.

5) Use loopback interface peering for R6 to C2-‐1 session. Make sure that a single interface failure of the R6 i6 or i7 interfaces will not break the EBGP session down. Use RIP protocol to get the C2-‐1 loopback address.

.....

..... DEMO ..... .....


JNCIE-‐SP workboo

k: Cha

pter Fou

r: MPLS Co

nfiguration

14


Chapter Four: MPLS Configuration

In this chapter you will create core MPLS network. The chapter tasks include configuration of LDP-‐signaled LSPs, RSVP-‐signaled LSPs, traffic engineering, traffic protection and optimization, and LDP tunneling.

Figure 5

Task 3. RSVP Protection In this task you implement different LSP protection mechanisms.

1) Configure a backup protection path for all RSVP-‐signaled LSPs but K, L, O, P.

2) Make sure that for the LSPs C, D, G, H the protection path is established in advance, before the primary path fails.

.....

..... DEMO ..... .....


JNCIE-‐SP workboo

k: Cha

pter Five: L3V

PN Con

figuration

15


Chapter Five: L3VPN Configuration

In this chapter tasks you implement L3VPN’s. The tasks include L3VPN configuration with customers running either OSPF or BGP, dual-‐homed customer sites, customer Internet access, multicasting in VPNs and IPv6 tunneling with 6VPE.

Task 1. L3VPN Configuration ..... ..... DEMO ..... .....

1) Configure L3VPNs as shown in Figure 6. Table 3 specifies the L3VPN details.

Figure 6


JNCIE-‐SP workboo

k:

16


Table 3

Customer Site Router PE-‐CE Protocol

Protocol details

C1 S1 CE1-‐1 OSPF Area 0 S2 CE1-‐2 OSPF Area 0

CE1-‐3 OSPF Area 0 S3 CE1-‐4 OSPF Area 0

C2 S1 CE2-‐1 BGP AS 64600 CE2-‐2 BGP AS 64600

S2 CE2-‐3 BGP AS 64600 CE2-‐4 BGP AS 64600

S3 CE2-‐5 BGP AS 64600

Task 2. Multicast in L3VPN In this task you implement Draft-‐Rosen and Next Generation multicast in the L3VPNs.

NOTE: Both customers C1 and C2 use 239.0.0.0/24 multicast range.

1) Enable PIM sparse mode ASM in your AS. Make sure that R1 and R2 act as anycast RP’s. You may not use MSDP in your network.

2) Use bootstrap RP mapping in your network. Make sure that R1 is the active BSR and R2 will take over the BSR role if R1 fails.

.....

..... DEMO ..... .....


JNCIE-‐SP workboo

k: App

endix: Add

ition

al The

ory

17


Appendix: Additional Theory

Troubleshooting: Multicast traffic engineering using RIB-‐groups In the following scenario we will troubleshoot a multicast RPF issue with given restrictions.

A multicast receiver attached to SRX4 would like to join source specific multicast (SSM) group 232.1.1.1 send by multicast source 192.168.1.1. Assume the following requirement(s):

• Unicast traffic from SRX1 to SRX4 should always transit SRX3.

• Unicast traffic from SRX4 to SRX1 should always transit SRX2.

To meet the unicast flow requirement the IGP metrics for prefixes in the inet.0 table are tuned on SRX1 and SRX4 (metric 1). For some reason the multicast traffic is not received by the receiver attached to SRX4. Verify PIM signalling in the network on SRX4 and SRX1: root@srx4# run show pim join inet 232.1.1.1 Instance: PIM.master Family: INET R = Rendezvous Point Tree, S = Sparse, W = Wildcard Group: 232.1.1.1 Source: 192.168.1.1 Flags: sparse Upstream interface: unknown (no nexthop) root@srx1# run show pim source inet 192.168.1.1 Instance: PIM.master Family: iNET Source 192.168.1.1 Prefix 192.168.1.0/24 Upstream interface ge-‐0/0/1.0 Upstream neighbor 192.168.1.2 We can determine that SRX4 has a reverse path forwarding (RPF) failure for multicast group 232.1.1.1 .........DEMO.....


JNCIE-‐SP workboo

k:

18


Appendix -‐ Chapter Five: L3VPN Configuration

Solution -‐ Task 1. L3VPN Configuration

1) Configure the additional interfaces on all routers.

[edit interfaces] lab@Sun# show ge-0/0/5 { unit 311 { description "CE2-1 connection 1"; vlan-id 311; family inet { address 192.168.0.41/30; } } unit 312 { description "CE2-1 connection 2"; vlan-id 312; family inet { address 192.168.0.45/30; }


JNCIE-‐SP workboo

k: App

endix -‐ C

hapter Five: L3V

PN Con

figuration

19


} unit 313 { description "CE2-1 connection 3"; vlan-id 313; family inet { address 192.168.0.49/30; } } } lo0 { unit 1 { family inet { address 172.30.5.9/32; } } }

2) Configure BGP VPN family on all routers. [edit protocols bgp] lab@Sun# show group ibgp { family inet-vpn { unicast; } }

3) Configure BGP VPN family on route reflector. [edit protocols bgp] lab@route-reflector# show group cluster-1 { family inet-vpn { unicast; } } group cluster-2 { family inet-vpn { unicast; } }

4) Configure autonomous system loops on the route reflector. [edit routing-options] lab@route-reflector# show autonomous-system 54591 loops 3;

DEMO END For more information visit http://www.inetzero.com

lab preparation workbook volume 1 (v1.1) - inetzero zero - jncie-sp workbook v1.0... · lab...

Documents