Scribd
Upload
111 views296 pages

JNCIE-SP-12.a LG v2

Uploaded by

gridcodetech
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
111 views296 pages

JNCIE-SP-12.a LG v2

Uploaded by

gridcodetech
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 296

JNCIE Service Provider Bootcamp

12.a

Lab Guide
Volume 2

Worldwide Education Services

1133 Innovation Way


Sunnyvale, CA 94089
USA
408-745-2000
www.juniper.net

Course Number: EDU-JUN-JNCIE-SP


This document is produced by Juniper Networks, Inc.
This document or any part thereof may not be reproduced or transmitted in any form under penalty of law, without the prior written permission of Juniper Networks Education
Services.
Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The
Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service
marks are the property of their respective owners.
JNCIE Service Provider Bootcamp Lab Guide, Revision 12.a
Copyright © 2015 Juniper Networks, Inc. All rights reserved.
Printed in USA.
Revision History:
Revision 10.a—September 2011
Revision 10.b—March 2012
Revision 12.a—February 2015
The information in this document is current as of the date listed above.
The information in this document has been carefully verified and is believed to be accurate for software Release 12.3. Juniper Networks assumes no responsibilities for any
inaccuracies that may appear in this document. In no event will Juniper Networks be liable for direct, indirect, special, exemplary, incidental, or consequential damages
resulting from any defect or omission in this document, even if advised of the possibility of such damages.

Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
YEAR 2000 NOTICE
Juniper Networks hardware and software products do not suffer from Year 2000 problems and hence are Year 2000 compliant. The Junos operating system has no known
time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
SOFTWARE LICENSE
The terms and conditions for using Juniper Networks software are described in the software license provided with the software, or to the extent applicable, in an agreement
executed between you and Juniper Networks, or Juniper Networks agent. By using Juniper Networks software, you indicate that you understand and agree to be bound by its
license terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the Juniper Networks software, may contain
prohibitions against certain uses, and may state conditions under which the license is automatically terminated. You should consult the software license for further details.
Contents
Lab 6: BGP Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1
Implementing BGP with Route Reflectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3
Implementing IBGP with Confederations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-77

Lab 7: BGP Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1


Troubleshooting and Repairing BGP Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3

Lab 8: Multicast Implementation and Troubleshooting . . . . . . . . . . . . . . . . . . . . . . 8-1


Configuring PIM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2

Lab 9: Class of Service Implementation and Troubleshooting . . . . . . . . . . . . . . . . 9-1


Configuring CoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-3

Lab 10: MPLS Implementation and Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . 10-1


Configuring LSPs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-2

Lab 11: MPLS VPNs Implementation and Troubleshooting . . . . . . . . . . . . . . . . . . . 11-1


Configuring Layer 3 VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-2

www.juniper.net Contents • iii


iv • Contents www.juniper.net
Course Overview

This five-day course is designed to serve as the ultimate preparation for the Juniper Networks Certified Internet Expert—
Service Provider (JNCIE-SP) exam. The course focuses on caveats and tips useful for potential test candidates and
emphasizes hands-on practice through a series of timed lab simulations. On the final day of the course, students are
given a six-hour lab simulation emulating the testing topics and environment from the real exam. All labs in this course
are facilitated by Junosphere Cloud (formerly known as Junosphere) virtual lab devices and are available after hours for
additional practice time. This course is based on Junos OS Release 12.3.
Objectives
After successfully completing this course, you should:
• Be better prepared for success in taking the actual JNCIE-SP exam.
• Be well-versed in exam topics, environment, and conditions.
Intended Audience
This course benefits individuals who have already honed their skills on service provider technologies and could use
some practice and tips in preparation for the JNCIE-SP exam.
Course Level
JNCIE Service Provider Bootcamp is an advanced-level course.
Prerequisites
Students should have passed the Juniper Networks Certified Internet Professional—Service Provider (JNCIP-SP) written
exam or achieved an equal level of expertise through Education Services courseware and hands-on experience.

www.juniper.net Course Overview • v


Course Agenda

Day 1
Chapter 1: Course Introduction
Chapter 2: Exam Strategies
Chapter 3: Device Infrastructure
Implementing Device Infrastructure Lab
Chapter 4: IGP Implementation
IS-IS Implementation Lab
OSPF Implementation Lab
Day 2
Chapter 5: IGP Troubleshooting
IS-IS Troubleshooting Lab
OSPF Troubleshooting Lab
Chapter 6: BGP Implementation
BGP Implementation Lab
Chapter 7: BGP Troubleshooting
BGP Troubleshooting Lab
Day 3
Chapter 8: Multicast Implementation
Multicast Implementation and Troubleshooting Lab
Chapter 9: Class of Service Implementation
Class of Service Implementation and Troubleshooting Lab
Day 4
Chapter 10: MPLS Implementation
MPLS Implementation and Troubleshooting Lab
Chapter 11: MPLS VPN Implementation
MPLS VPN Implementation and Troubleshooting Lab
Day 5
JNCIE-SP Full Lab Simulation

vi • Course Agenda www.juniper.net


Document Conventions

CLI and GUI Text


Frequently throughout this course, we refer to text that appears in a command-line interface (CLI) or a graphical user
interface (GUI). To make the language of these documents easier to read, we distinguish GUI and CLI text from plain text
according to the following table.

Style Description Usage Example

Franklin Gothic Normal text. Most of what you read in the Lab Guide
and Student Guide.

Courier New Console text:


commit complete
• Screen captures
• Noncommand-related Exiting configuration mode
syntax
GUI text elements:
Select File > Open, and then click
• Menu names Configuration.conf in the
Filename text box.
• Text field entry

Input Text Versus Output Text


You will also frequently see cases where you must enter input text yourself. Often these instances will be shown in the
context of where you must enter them. We use bold style to distinguish text that is input versus text that is simply
displayed.

Style Description Usage Example

Normal CLI No distinguishing variant. Physical interface:fxp0,


Enabled
Normal GUI
View configuration history by clicking
Configuration > History.

CLI Input Text that you must enter. lab@San_Jose> show route
GUI Input Select File > Save, and type
config.ini in the Filename field.

Defined and Undefined Syntax Variables


Finally, this course distinguishes between regular text and syntax variables, and it also distinguishes between syntax
variables where the value is already assigned (defined variables) and syntax variables where you must assign the value
(undefined variables). Note that these styles can be combined with the input style as well.

Style Description Usage Example

CLI Variable Text where variable value is already policy my-peers


assigned.
GUI Variable Click my-peers in the dialog.

CLI Undefined Text where the variable’s value is Type set policy policy-name.
the user’s discretion or text where
ping 10.0.x.y
the variable’s value as shown in
GUI Undefined the lab guide might differ from the Select File > Save, and type
value the user must input filename in the Filename field.
according to the lab topology.

www.juniper.net Document Conventions • vii


Additional Information

Education Services Offerings


You can obtain information on the latest Education Services offerings, course dates, and class locations from the World
Wide Web by pointing your Web browser to: http://www.juniper.net/training/education/.
About This Publication
The JNCIE Service Provider Bootcamp Lab Guide was developed and tested using the Junos software Release 12.3.
Previous and later versions of software might behave differently so you should always consult the documentation and
release notes for the version of code you are running before reporting errors.
This document is written and maintained by the Juniper Networks Education Services development team. Please send
questions and suggestions for improvement to training@juniper.net.
Technical Publications
You can print technical manuals and release notes directly from the Internet in a variety of formats:
• Go to http://www.juniper.net/techpubs/.
• Locate the specific software or hardware release and title you need, and choose the format in which you
want to view or print the document.
Documentation sets and CDs are available through your local Juniper Networks sales office or account representative.
Juniper Networks Support
For technical support, contact Juniper Networks at http://www.juniper.net/customers/support/, or at 1-888-314-JTAC
(within the United States) or 408-745-2121 (from outside the United States).

viii • Additional Information www.juniper.net


Lab
BGP Implementation

Overview
In this lab, you will implement a BGP network including IBGP, EBGP, and routing policies
according to the provided task list. You will have 2.5 hours to complete the lab.
By completing this lab, you will perform the following tasks:
• Configure the IBGP network. Your IBGP network must be designed using route
reflection and must contain one route reflection cluster. All IBGP sessions must use
the lo0.0 interface IP address. The failure of a link or router in the network must
not result in any connectivity issues or isolation of clients.
• All IBGP sessions in your autonomous system (AS) must be authenticated using MD5
authentication.
• Configure a BGP session to the customer 2 (C2), peer (P), and transit (T) neighbors.
Configure the EBGP session to C2 to load-balance over the two links that connect R5
and C2. Only one BGP session should be used. A static route is permissible to
complete this task.
• Configure the R2 router to use load balancing over the two peering sessions with T1
and T2 routers.
• All peer (P), transit provider (T1, T2), and C2 IPv4 prefixes should be active and
reachable on all routers in your AS.
• Routers C1 and C3 belong to the same customer, which uses IPv6 routing. Provide
the communication between C1 and C3 over your AS. Both C1 and C3 routers must
be able to communicate with the Transit routers T1 and T2 using IPv6. You must
share IPv6 routes with the Transit routers over your existing IPv4 peerings. You must
use the IPv4-compatible address on your peering from R1 to T1. You are allowed to
use the IPv4-mapped address on the peerings from R2. IPv6 packet forwarding in
your AS is not permitted.
• The direct IPv6 routes on C1-R3 and C3-R4 links must be reachable from the
customer remote routers C3 and C1, respectively.
• Ensure that no more than 12 prefixes are accepted from customer routers C1 and
C3. If this limit is exceeded the router should generate the syslog message but the
session should remain active.
• All BGP sessions state changes should be logged to syslog.

www.juniper.net BGP Implementation • Lab 6–1


JNCIE Service Provider Bootcamp
• Implement an export policy that affects incoming traffic from Transit routers. Traffic
should enter your network through the T1 router.
• Implement an import policy for the transit routers that ensures outbound IPv4 traffic
exits your AS at the R2 router.
• Ensure that traffic going to the destinations advertised by the P router prefers R3 as
the exit point.
• Routes received from the P router should not be advertised to T1 or T2 or vice versa.
• Using BGP standard communities, ensure that it is possible to differentiate between
the EBGP neighbors from which the external IPv4 prefixes were received.
• Advertise a summary route representing local AS IPv4 network range to the P, T1, T2,
and C2 devices.
• Advertise a summary route representing local AS IPv6 range to the transit provider, no
other IPv6 routes may be advertised to the T1 and T2 routers.
• Do not accept IPv4 routes that have a mask shorter than /8 or longer than /24 from
the peer or transit providers.
• If the same route is learned directly from the C2 customer, it should always be
preferred to the same prefix learned from either a peer or a transit router.
• After performing all previous tasks, migrate the existing IBGP network to a
confederation. route reflection is not permitted. No router in your AS can have more
than two IBGP and CBGP neighbors. The failure of a link or router in the network must
not result in any connectivity issues or isolation of routers.

Lab 6–2 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp

Implementing BGP with Route Reflectors


In this lab part, you will log in to your assigned routers and configure as well as verify the BGP
network. In addition to establishing the BGP network you will implement BGP routing policies.
The IBGP network will be designed using route reflection.
Note
We recommend that you spend some time
carefully reading all the tasks before you
start configuring routers step by step. This
approach allows you to better develop your
strategy, which is especially important in
BGP routing policy.

Your AS number is 3895077211.


R1 EBGP peers data:
P - 172.27.0.30, AS 2087403078
T1 - 172.27.0.34, AS 1342930876
R2 EBGP peers data:
T1 - 172.27.0.66, AS AS 1342930876
T2 - 172.27.0.38, AS AS 1342930876
R3 EBGP peers data:
P - 172.27.0.62, AS 2087403078
C1 - 2008:4498::2, AS 65432
R4 EBGP peers data:
C3 - 2008:4498:0:1::2, AS 65432
R5 EBGP peers data:
C2 - 202.202.0.1, AS 65512
TASK 1
Access the CLI for your routers using either the console, Telnet, or SSH as directed by your
instructor. Refer to the management network diagram for the IP address associated with your
devices. Log in as user lab with the password lab123.
TASK COMPLETION
• R1:
R1 (ttyd0)

login: lab
Password:

--- JUNOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC


lab@R1>

www.juniper.net BGP Implementation • Lab 6–3


JNCIE Service Provider Bootcamp
• R2:
R2 (ttyd0)

login: lab
Password:

--- JUNOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC


lab@R2>
• R3:
R3 (ttyd0)

login: lab
Password:

--- JUNOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC


lab@R3>
• R4:
R4 (ttyd0)

login: lab
Password:

--- JUNOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC


lab@R4>
• R5:
R5 (ttyd0)

login: lab
Password:

--- JUNOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC


lab@R5>
• VR-device:
vr-device (ttyd0)

login: lab
Password:

--- JUNOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC


lab@vr-device>

TASK 2
Configure the IBGP network. Your IBGP network must be designed using
Route Reflection and must contain one Route Reflection cluster. All
IBGP sessions must use the lo0.0 interface IP address. The failure
of a link or router in the network must not result in any
connectivity issues or isolation of clients.

Lab 6–4 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
TASK INTERPRETATION
The task looks straightforward at first glance. You have five routers in your AS that will act as
either a route reflector (RR) or as clients in a single cluster. Note though, that the cluster must
be redundant because of the requirement that the failure of a link or router in the network must
not result in any connectivity issues or isolation of the clients. We recommend you configure at
least two RRs. In the example provided in the detailed guide we use R3 and R4 as RRs, but you
can choose any two routers.
TASK COMPLETION
• R1:
lab@R1> configure
Entering configuration mode

[edit]
lab@R1# set routing-options autonomous-system 3895077211

[edit]
lab@R1# show routing-options
router-id 172.27.255.1;
autonomous-system 3895077211

[edit]
lab@R1# edit protocols bgp group cluster-1

[edit protocols bgp group cluster-1]


lab@R1# set type internal local-address 172.27.255.1

[edit protocols bgp group cluster-1]


lab@R1# set neighbor 172.27.255.3

[edit protocols bgp group cluster-1]


lab@R1# set neighbor 172.27.255.4

[edit protocols bgp group cluster-1]


lab@R1# show
type internal;
local-address 172.27.255.1;
neighbor 172.27.255.3;
neighbor 172.27.255.4;

[edit protocols bgp group cluster-1]


lab@R1# commit and-quit

commit complete
Exiting configuration mode

lab@R1>

• R2:
lab@R2> configure
Entering configuration mode

www.juniper.net BGP Implementation • Lab 6–5


JNCIE Service Provider Bootcamp
[edit]
lab@R2# set routing-options autonomous-system 3895077211

[edit]
lab@R2# show routing-options
router-id 172.27.255.2;
autonomous-system 3895077211;

[edit]
lab@R2# edit protocols bgp group cluster-1

[edit protocols bgp group cluster-1]


lab@R2# set type internal local-address 172.27.255.2

[edit protocols bgp group cluster-1]


lab@R2# set neighbor 172.27.255.3

[edit protocols bgp group cluster-1]


lab@R2# set neighbor 172.27.255.4

[edit protocols bgp group cluster-1]


lab@R2# show
type internal;
local-address 172.27.255.2;
neighbor 172.27.255.3;
neighbor 172.27.255.4;

[edit protocols bgp group cluster-1]


lab@R2# commit and-quit

commit complete
Exiting configuration mode

lab@R2>
• R3:
lab@R3> configure
Entering configuration mode

[edit]
lab@R3# set routing-options autonomous-system 3895077211

[edit]
lab@R3# show routing-options
router-id 172.27.255.3;
autonomous-system 3895077211;

[edit]
lab@R3# edit protocols bgp group cluster-1

[edit protocols bgp group cluster-1]


lab@R3# set cluster 0.0.0.1

[edit protocols bgp group cluster-1]


lab@R3# set type internal local-address 172.27.255.3

Lab 6–6 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp

[edit protocols bgp group cluster-1]


lab@R3# set neighbor 172.27.255.1

[edit protocols bgp group cluster-1]


lab@R3# set neighbor 172.27.255.2

[edit protocols bgp group cluster-1]


lab@R3# set neighbor 172.27.255.5

[edit protocols bgp group cluster-1]


lab@R3# top edit protocols bgp group internal

[edit protocols bgp group internal]


lab@R3# set neighbor 172.27.255.4

[edit protocols bgp group internal]


lab@R3# set type internal local-address 172.27.255.3

[edit protocols bgp group internal]


lab@R3# top show protocols bgp
group cluster-1 {
type internal;
local-address 172.27.255.3;
cluster 0.0.0.1;
neighbor 172.27.255.1;
neighbor 172.27.255.2;
neighbor 172.27.255.5;
}
group internal {
type internal;
local-address 172.27.255.3;
neighbor 172.27.255.4;
}

[edit protocols bgp group internal]


lab@R3# commit and-quit

commit complete
Exiting configuration mode

lab@R3>
• R4:
lab@R4> configure
Entering configuration mode

[edit]
lab@R4# set routing-options autonomous-system 3895077211

[edit]
lab@R4# show routing-options
router-id 172.27.255.4;
autonomous-system 3895077211;

www.juniper.net BGP Implementation • Lab 6–7


JNCIE Service Provider Bootcamp
[edit]
lab@R4# edit protocols bgp group cluster-1

[edit protocols bgp group cluster-1]


lab@R4# set cluster 0.0.0.1

[edit protocols bgp group cluster-1]


lab@R4# set type internal local-address 172.27.255.4

[edit protocols bgp group cluster-1]


lab@R4# set neighbor 172.27.255.1

[edit protocols bgp group cluster-1]


lab@R4# set neighbor 172.27.255.2

[edit protocols bgp group cluster-1]


lab@R4# set neighbor 172.27.255.5

[edit protocols bgp group cluster-1]


lab@R4# top edit protocols bgp group internal

[edit protocols bgp group internal]


lab@R4# set type internal local-address 172.27.255.4

[edit protocols bgp group internal]


lab@R4# set neighbor 172.27.255.3

[edit protocols bgp group internal]


lab@R4# top show protocols bgp
group cluster-1 {
type internal;
local-address 172.27.255.4;
cluster 0.0.0.1;
neighbor 172.27.255.1;
neighbor 172.27.255.2;
neighbor 172.27.255.5;
}
group internal {
type internal;
local-address 172.27.255.4;
neighbor 172.27.255.3;
}

[edit protocols bgp group internal]


lab@R4# commit and-quit

commit complete
Exiting configuration mode

lab@R4>
• R5:
lab@R5> configure
Entering configuration mode

Lab 6–8 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
[edit]
lab@R5# set routing-options autonomous-system 3895077211

[edit]
lab@R5# show routing-options
router-id 172.27.255.5;
autonomous-system 3895077211;

[edit]
lab@R5# edit protocols bgp group cluster-1

[edit protocols bgp group cluster-1]


lab@R5# set type internal local-address 172.27.255.5

[edit protocols bgp group cluster-1]


lab@R5# set neighbor 172.27.255.3

[edit protocols bgp group cluster-1]


lab@R5# set neighbor 172.27.255.4

[edit protocols bgp group cluster-1]


lab@R5# show
type internal;
local-address 172.27.255.5;
neighbor 172.27.255.3;
neighbor 172.27.255.4;

[edit protocols bgp group cluster-1]


lab@R5# commit and-quit

commit complete
Exiting configuration mode

lab@R5>

TASK VERIFICATION
Verify that IBGP sessions are established successfully.
• R1:
lab@R1> show bgp summary
Groups: 1 Peers: 2 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 0 0 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.255.3 3895077211 130 129 0 0 57:15 0/0/
0/0 0/0/0/0
172.27.255.4 3895077211 27 26 0 0 11:06 0/0/
0/0 0/0/0/0

• R2:
lab@R2> show bgp summary
Groups: 1 Peers: 2 Down peers: 0

www.juniper.net BGP Implementation • Lab 6–9


JNCIE Service Provider Bootcamp
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 0 0 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.255.3 3895077211 130 131 0 0 58:15 0/0/
0/0 0/0/0/0
172.27.255.4 3895077211 28 28 0 0 12:06 0/0/
0/0 0/0/0/0

• R3:
lab@R3> show bgp summary
Groups: 2 Peers: 4 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 0 0 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.255.1 3895077211 131 132 0 0 58:28 0/0/
0/0 0/0/0/0
172.27.255.2 3895077211 130 130 0 0 58:24 0/0/
0/0 0/0/0/0
172.27.255.4 3895077211 29 29 0 0 12:07 0/0/
0/0 0/0/0/0
172.27.255.5 3895077211 17 15 0 0 6:24 0/0/
0/0 0/0/0/0

• R4:
lab@R4> show bgp summary
Groups: 2 Peers: 4 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 0 0 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.255.1 3895077211 28 30 0 0 12:25 0/0/
0/0 0/0/0/0
172.27.255.2 3895077211 28 29 0 0 12:21 0/0/
0/0 0/0/0/0
172.27.255.3 3895077211 28 29 0 0 12:13 0/0/
0/0 0/0/0/0
172.27.255.5 3895077211 16 16 0 0 6:26 0/0/
0/0 0/0/0/0

• R5:
lab@R5> show bgp summary
Groups: 1 Peers: 2 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 0 0 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.255.3 3895077211 15 17 0 0 6:36 0/0/
0/0 0/0/0/0
172.27.255.4 3895077211 15 16 0 0 6:32 0/0/
0/0 0/0/0/0
Lab 6–10 • BGP Implementation www.juniper.net
JNCIE Service Provider Bootcamp
TASK 3
All IBGP sessions in your autonomous system must be authenticated
using MD5 authentication.
TASK INTERPRETATION
The task is straight forward. You must configure md5 authentication for all the IBGP sessions
from each of your routers. The task does not specify what key must be used, so you can use
whatever key you wish. In this detailed guide we use “juniper”.
TASK COMPLETION
• R1:
lab@R1> configure
Entering configuration mode

[edit]
lab@R1# set protocols bgp group cluster-1 authentication-key juniper

[edit]
lab@R1# commit and-quit

commit complete
Exiting configuration mode

lab@R1>
• R2:
lab@R2> configure
Entering configuration mode

[edit]
lab@R2# set protocols bgp group cluster-1 authentication-key juniper

[edit]
lab@R2# commit and-quit

commit complete
Exiting configuration mode

lab@R2>
• R3:
lab@R3> configure
Entering configuration mode

[edit]
lab@R3# set protocols bgp group cluster-1 authentication-key juniper

[edit]
lab@R3# set protocols bgp group internal authentication-key juniper

[edit]
lab@R3# commit and-quit

www.juniper.net BGP Implementation • Lab 6–11


JNCIE Service Provider Bootcamp
commit complete
Exiting configuration mode

lab@R3>
• R4:
lab@R4> configure
Entering configuration mode

[edit]
lab@R4# set protocols bgp group cluster-1 authentication-key juniper

[edit]
lab@R4# set protocols bgp group internal authentication-key juniper

[edit]
lab@R4# commit and-quit

commit complete
Exiting configuration mode

lab@R4>
• R5:
lab@R5> configure
Entering configuration mode

[edit]
lab@R5# set protocols bgp group cluster-1 authentication-key juniper

[edit]
lab@R5# commit and-quit

commit complete
Exiting configuration mode

lab@R5>
TASK VERIFICATION
You can verify authentication is configured by reviewing the neighbors for each router. The output
will not display what the key being used is. To simplify the outputs use the show bgp neighbor
| match "Peer: 172.27.255|Authentication key" command.
• R1:
lab@R1> show bgp neighbor | match "Peer: 172.27.255|Authentication key"
Peer: 172.27.255.3+56190 AS 3895077211 Local: 172.27.255.1+179 AS 3895077211
Authentication key is configured
Peer: 172.27.255.4+179 AS 3895077211 Local: 172.27.255.1+56737 AS 3895077211
Authentication key is configured

• R2:
lab@R2> show bgp neighbor | match "Peer: 172.27.255|Authentication key"
Peer: 172.27.255.3+179 AS 3895077211 Local: 172.27.255.2+56748 AS 3895077211

Lab 6–12 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
Authentication key is configured
Peer: 172.27.255.4+179 AS 3895077211 Local: 172.27.255.2+51719 AS 3895077211
Authentication key is configured

• R3:
lab@R3> show bgp neighbor | match "Peer: 172.27.255|Authentication key"
Peer: 172.27.255.1+179 AS 3895077211 Local: 172.27.255.3+56190 AS 3895077211
Authentication key is configured
Peer: 172.27.255.2+56748 AS 3895077211 Local: 172.27.255.3+179 AS 3895077211
Authentication key is configured
Peer: 172.27.255.4+50303 AS 3895077211 Local: 172.27.255.3+179 AS 3895077211
Authentication key is configured
Peer: 172.27.255.5+61030 AS 3895077211 Local: 172.27.255.3+179 AS 3895077211
Authentication key is configured

• R4:
lab@R4> show bgp neighbor | match "Peer: 172.27.255|Authentication key"
Peer: 172.27.255.1+56737 AS 3895077211 Local: 172.27.255.4+179 AS 3895077211
Authentication key is configured
Peer: 172.27.255.2+51719 AS 3895077211 Local: 172.27.255.4+179 AS 3895077211
Authentication key is configured
Peer: 172.27.255.3+179 AS 3895077211 Local: 172.27.255.4+50303 AS 3895077211
Authentication key is configured
Peer: 172.27.255.5+57711 AS 3895077211 Local: 172.27.255.4+179 AS 3895077211
Authentication key is configured

• R5:
lab@R5> show bgp neighbor | match "Peer: 172.27.255|Authentication key"
Peer: 172.27.255.3+179 AS 3895077211 Local: 172.27.255.5+61030 AS 3895077211
Authentication key is configured
Peer: 172.27.255.4+179 AS 3895077211 Local: 172.27.255.5+57711 AS 3895077211
Authentication key is configured

TASK 4
Configure a BGP session to C2 Customer, Peer (P) and Transit (T)
neighbors. Configure the EBGP session to C2 to load balance over the
two links that connect R5 and C2. There should only be one BGP
session used. A static route is permissible to complete this task.

www.juniper.net BGP Implementation • Lab 6–13


JNCIE Service Provider Bootcamp
TASK INTERPRETATION
The EBGP sessions to the peer and transit neighbors are regular single-hop EBGP sessions. For
the C2 neighbor, you should configure the multihop option in order to load-balance over the
two physical links. A static route is required to establish a loopback-to-loopback session.

Note
It might take a few minutes for the BGP
session with C2 to establish. If the BGP
session does not establish immediately,
wait three to five minutes before you begin
troubleshooting the session.

TASK COMPLETION
• R1:
lab@R1> configure
Entering configuration mode

[edit]
lab@R1# set protocols bgp group T1 type external

[edit]
lab@R1# set protocols bgp group T1 peer-as 1342930876

[edit]
lab@R1# set protocols bgp group T1 neighbor 172.27.0.34

[edit]
lab@R1# set protocols bgp group P type external

[edit]
lab@R1# set protocols bgp group P peer-as 2087403078

[edit]
lab@R1# set protocols bgp group P neighbor 172.27.0.30

[edit]
lab@R1# show protocols bgp
group cluster-1 {
type internal;
local-address 172.27.255.1;
authentication-key "$9$v5P8xd24Zk.5bs.5QFAtM8X"; ## SECRET-DATA
neighbor 172.27.255.3;
neighbor 172.27.255.4;
}
group T1 {
type external;
peer-as 1342930876;
neighbor 172.27.0.34;
}
group P {
type external;

Lab 6–14 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
peer-as 2087403078;
neighbor 172.27.0.30;
}

[edit]
lab@R1# commit and-quit

commit complete
Exiting configuration mode

lab@R1>
• R2:
lab@R2> configure
Entering configuration mode

[edit]
lab@R2# set protocols bgp group T1-T2 type external

[edit]
lab@R2# set protocols bgp group T1-T2 peer-as 1342930876

[edit]
lab@R2# set protocols bgp group T1-T2 neighbor 172.27.0.66

[edit]
lab@R2# set protocols bgp group T1-T2 neighbor 172.27.0.38

[edit]
lab@R2# show protocols bgp
group cluster-1 {
type internal;
local-address 172.27.255.2;
authentication-key "$9$AMDcuBElK8db2cyb24aiHtuO"; ## SECRET-DATA
neighbor 172.27.255.3;
neighbor 172.27.255.4;
}
group T1-T2 {
type external;
peer-as 1342930876;
neighbor 172.27.0.66;
neighbor 172.27.0.38;
}

[edit]
lab@R2# commit and-quit

commit complete
Exiting configuration mode

lab@R2>
• R3:
lab@R3> configure
Entering configuration mode

www.juniper.net BGP Implementation • Lab 6–15


JNCIE Service Provider Bootcamp

[edit]
lab@R3# set protocols bgp group P type external

[edit]
lab@R3# set protocols bgp group P peer-as 2087403078

[edit]
lab@R3# set protocols bgp group P neighbor 172.27.0.62

[edit]
lab@R3# show protocols bgp
group cluster-1 {
type internal;
local-address 172.27.255.3;
authentication-key "$9$XeSNVYJGifT3goT369OBxNd"; ## SECRET-DATA
cluster 0.0.0.1;
neighbor 172.27.255.1;
neighbor 172.27.255.2;
neighbor 172.27.255.5;
}
group internal {
type internal;
local-address 172.27.255.3;
authentication-key "$9$j9kmT69pRhrz3hrev7Nik."; ## SECRET-DATA
neighbor 172.27.255.4;
}
group P {
type external;
peer-as 2087403078;
neighbor 172.27.0.62;
}

[edit]
lab@R3# commit and-quit

commit complete
Exiting configuration mode

lab@R3>
• R5:
lab@R5> configure
Entering configuration mode

[edit]
lab@R5# set routing-options static route 202.202.0.1/32 next-hop 172.27.0.50

[edit]
lab@R5# set routing-options static route 202.202.0.1/32 next-hop 172.27.0.74

[edit]
lab@R5# show routing-options
static {
route 202.202.0.1/32 next-hop [ 172.27.0.50 172.27.0.74 ];

Lab 6–16 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
}
router-id 172.27.255.5;
autonomous-system 3895077211;

[edit]
lab@R5# set protocols bgp group C2 type external

[edit]
lab@R5# set protocols bgp group C2 multihop

[edit]
lab@R5# set protocols bgp group C2 local-address 172.27.255.5

[edit]
lab@R5# set protocols bgp group C2 peer-as 65512

[edit]
lab@R5# set protocols bgp group C2 neighbor 202.202.0.1

[edit]
lab@R5# show protocols bgp
group cluster-1 {
type internal;
local-address 172.27.255.5;
authentication-key "$9$xfz-b2ZUH5Qn4aQn/CB17-V"; ## SECRET-DATA
neighbor 172.27.255.3;
neighbor 172.27.255.4;
}
group C2 {
type external;
multihop;
local-address 172.27.255.5;
peer-as 65512;
neighbor 202.202.0.1;
}

[edit]
lab@R5# commit and-quit

commit complete
Exiting configuration mode

lab@R5>
TASK VERIFICATION
Verify that EBGP sessions are established successfully. You should also verify that the routes
received from the C2 neighbor at the R5 router shows two physical next hops.
• R1:
lab@R1> show bgp summary
Groups: 3 Peers: 4 Down peers: 0

www.juniper.net BGP Implementation • Lab 6–17


JNCIE Service Provider Bootcamp
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 908 884 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.0.30 2087403078 102 582 0 0 45:12 24/
24/24/0 0/0/0/0
172.27.0.34 1342930876 581 104 0 0 45:13 860/
860/860/0 0/0/0/0
172.27.255.3 3895077211 148 632 0 0 1:05:43 0/24/
24/0 0/0/0/0
172.27.255.4 3895077211 139 625 0 0 1:03:08 0/0/
0/0 0/0/0/0

• R2:
lab@R2> show bgp summary
Groups: 2 Peers: 4 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 1745 871 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.0.38 1342930876 576 95 0 0 42:45 11/
861/861/0 0/0/0/0
172.27.0.66 1342930876 504 96 0 0 42:49 860/
860/860/0 0/0/0/0
172.27.255.3 3895077211 153 576 0 0 1:07:47 0/24/
24/0 0/0/0/0
172.27.255.4 3895077211 145 568 0 0 1:05:04 0/0/
0/0 0/0/0/0

• R3:
lab@R3> show bgp summary
Groups: 3 Peers: 5 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 1786 24 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.0.62 2087403078 89 90 0 0 39:57 24/
24/24/0 0/0/0/0
172.27.255.1 3895077211 639 155 0 0 1:09:00 0/884/
884/0 0/0/0/0
172.27.255.2 3895077211 578 157 0 0 1:09:09 0/871/
871/0 0/0/0/0
172.27.255.4 3895077211 148 150 0 0 1:06:10 0/0/
0/0 0/0/0/0
172.27.255.5 3895077211 146 146 0 0 1:04:46 0/7/
7/0 0/0/0/0

• R5:
lab@R5> show bgp summary
Groups: 2 Peers: 3 Down peers: 0

Lab 6–18 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 31 7 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.255.3 3895077211 146 148 0 0 1:05:27 0/24/
24/0 0/0/0/0
172.27.255.4 3895077211 144 146 0 0 1:05:23 0/0/
0/0 0/0/0/0
202.202.0.1 65512 79 80 0 0 35:06 7/7/
7/0 0/0/0/0

lab@R5> show route protocol bgp 202/8 terse

inet.0: 45 destinations, 52 routes (28 active, 0 holddown, 24 hidden)


+ = Active Route, - = Last Active, * = Both

A V Destination P Prf Metric 1 Metric 2 Next hop AS path


* ? 202.202.0.0/24 B 170 100 65512 65512 I
unverified >172.27.0.50
172.27.0.74
* ? 202.202.2.0/24 B 170 100 65512 65512 I
unverified >172.27.0.50
172.27.0.74
* ? 202.202.3.0/24 B 170 100 65512 65512 I
unverified >172.27.0.50
172.27.0.74
* ? 202.202.4.0/24 B 170 100 65512 65512 I
unverified >172.27.0.50
172.27.0.74
* ? 202.202.5.0/24 B 170 100 65512 65512 I
unverified >172.27.0.50
172.27.0.74
* ? 202.202.6.0/24 B 170 100 65512 65512 I
unverified >172.27.0.50
172.27.0.74
* ? 202.202.7.0/24 B 170 100 65512 65512 I
unverified >172.27.0.50
172.27.0.74
TASK 5
Configure the R2 router to use load balancing over the two peering
sessions with T1 and T2 routers.
TASK INTERPRETATION
To make the R2 router load balance over the two EBGP sessions, you must configure the
multipath option.
TASK COMPLETION
• R2:
lab@R2> configure
Entering configuration mode

[edit]
lab@R2# set protocols bgp group T1-T2 multipath

www.juniper.net BGP Implementation • Lab 6–19


JNCIE Service Provider Bootcamp

[edit]
lab@R2# commit and-quit

commit complete
Exiting configuration mode

lab@R2>

TASK VERIFICATION
Verify that the routes received from both T1 and T2 neighbors at R2 router show two physical
next hops.
• R2:
lab@R2> show route protocol bgp 6/8 terse active-path

inet.0: 915 destinations, 1765 routes (891 active, 0 holddown, 24 hidden)


+ = Active Route, - = Last Active, * = Both

A V Destination P Prf Metric 1 Metric 2 Next hop AS path


* ? 6.1.0.0/16 B 170 100 1342930876 8918
668 1455 I
unverified 172.27.0.38
>172.27.0.66
* ? 6.2.0.0/22 B 170 100 1342930876 8918
668 1455 I
unverified >172.27.0.38
172.27.0.66
* ? 6.3.0.0/18 B 170 100 1342930876 8918
668 1455 I
unverified >172.27.0.38
172.27.0.66
* ? 6.4.0.0/16 B 170 100 1342930876 8918
668 1455 I
unverified >172.27.0.38
172.27.0.66
* ? 6.5.0.0/19 B 170 100 1342930876 8918
668 1455 I
unverified >172.27.0.38
172.27.0.66
* ? 6.8.0.0/20 B 170 100 1342930876 8918
668 1455 I
unverified 172.27.0.38
>172.27.0.66
* ? 6.9.0.0/20 B 170 100 1342930876 8918
668 1455 I
unverified >172.27.0.38
172.27.0.66
* ? 6.10.0.0/15 B 170 100 1342930876 8918
668 1455 I
unverified 172.27.0.38
>172.27.0.66

Lab 6–20 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
* ? 6.14.0.0/15 B 170 100 1342930876 8918
668 1455 I
unverified >172.27.0.38
172.27.0.66
TASK 6
All Peer (P), Transit provider (T1, T2) and C2 IPv4 prefixes should
be active and reachable on all routers in your AS.
TASK INTERPRETATION
To ensure that all the external IPv4 routes are reachable across your A,S you must ensure that
all the routers in your AS can resolve BGP next hops.
TASK COMPLETION
• R1:
lab@R1> configure
Entering configuration mode

[edit]
lab@R1# edit policy-options policy-statement nhs

[edit policy-options policy-statement nhs]


lab@R1# set term 1 from protocol bgp

[edit policy-options policy-statement nhs]


lab@R1# set term 1 from route-type external

[edit policy-options policy-statement nhs]


lab@R1# set term 1 then next-hop self

[edit policy-options policy-statement nhs]


lab@R1# show
term 1 {
from {
protocol bgp;
route-type external;
}
then {
next-hop self;
}
}

[edit policy-options policy-statement nhs]


lab@R1# top

[edit]
lab@R1# set protocols bgp group cluster-1 export nhs

[edit]
lab@R1# show protocols bgp group cluster-1
type internal;
local-address 172.27.255.1;
authentication-key "$9$v5P8xd24Zk.5bs.5QFAtM8X"; ## SECRET-DATA
export nhs;

www.juniper.net BGP Implementation • Lab 6–21


JNCIE Service Provider Bootcamp
neighbor 172.27.255.3;
neighbor 172.27.255.4;

[edit]
lab@R1# commit and-quit

commit complete
Exiting configuration mode

lab@R1>

• R2:
lab@R2> configure
Entering configuration mode

[edit]
lab@R2# edit policy-options policy-statement nhs

[edit policy-options policy-statement nhs]


lab@R2# set term 1 from protocol bgp

[edit policy-options policy-statement nhs]


lab@R2# set term 1 from route-type external

[edit policy-options policy-statement nhs]


lab@R2# set term 1 then next-hop self

[edit policy-options policy-statement nhs]


lab@R2# show
term 1 {
from {
protocol bgp;
route-type external;
}
then {
next-hop self;
}
}

[edit policy-options policy-statement nhs]


lab@R2# top

[edit]
lab@R2# set protocols bgp group cluster-1 export nhs

[edit]
lab@R2# show protocols bgp group cluster-1
type internal;
local-address 172.27.255.2;
authentication-key "$9$AMDcuBElK8db2cyb24aiHtuO"; ## SECRET-DATA
export nhs;
neighbor 172.27.255.3;
neighbor 172.27.255.4;

Lab 6–22 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
[edit]
lab@R2# commit and-quit

commit complete
Exiting configuration mode

lab@R2>

• R3:
lab@R3> configure
Entering configuration mode

[edit]
lab@R3# edit policy-options policy-statement nhs

[edit policy-options policy-statement nhs]


lab@R3# set term 1 from protocol bgp

[edit policy-options policy-statement nhs]


lab@R3# set term 1 from route-type external

[edit policy-options policy-statement nhs]


lab@R3# set term 1 then next-hop self

[edit policy-options policy-statement nhs]


lab@R3# show
term 1 {
from {
protocol bgp;
route-type external;
}
then {
next-hop self;
}
}

[edit policy-options policy-statement nhs]


lab@R3# top

[edit]
lab@R3# set protocols bgp group cluster-1 export nhs

[edit]
lab@R3# show protocols bgp group cluster-1
type internal;
local-address 172.27.255.3;
authentication-key "$9$XeSNVYJGifT3goT369OBxNd"; ## SECRET-DATA
export nhs;
cluster 0.0.0.1;
neighbor 172.27.255.1;
neighbor 172.27.255.2;
neighbor 172.27.255.5;

www.juniper.net BGP Implementation • Lab 6–23


JNCIE Service Provider Bootcamp
[edit]
lab@R3# set protocols bgp group internal export nhs

[edit]
lab@R3# show protocols bgp group internal
type internal;
local-address 172.27.255.3;
authentication-key "$9$j9kmT69pRhrz3hrev7Nik."; ## SECRET-DATA
export nhs;
neighbor 172.27.255.4;

[edit]
lab@R3# commit and-quit

commit complete
Exiting configuration mode

lab@R3>

• R5:
lab@R5> configure
Entering configuration mode

[edit]
lab@R5# edit policy-options policy-statement nhs

[edit policy-options policy-statement nhs]


lab@R5# set term 1 from protocol bgp

[edit policy-options policy-statement nhs]


lab@R5# set term 1 from route-type external

[edit policy-options policy-statement nhs]


lab@R5# set term 1 then next-hop self

[edit policy-options policy-statement nhs]


lab@R5# show
term 1 {
from {
protocol bgp;
route-type external;
}
then {
next-hop self;
}
}

[edit policy-options policy-statement nhs]


lab@R5# top

[edit]
lab@R5# set protocols bgp group cluster-1 export nhs

Lab 6–24 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
[edit]
lab@R5# show protocols bgp group cluster-1
type internal;
local-address 172.27.255.5;
authentication-key "$9$xfz-b2ZUH5Qn4aQn/CB17-V"; ## SECRET-DATA
export nhs;
neighbor 172.27.255.3;
neighbor 172.27.255.4;

[edit]
lab@R5# commit and-quit

commit complete
Exiting configuration mode

lab@R5>

TASK VERIFICATION
Verify that all the routers in your AS can resolve BGP next hops.
• R1:
lab@R1> show route 202.202/24

inet.0: 916 destinations, 951 routes (916 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

202.202.0.0/24 *[BGP/170] 00:48:06, localpref 100


AS path: 2087403078 65512 I, validation-state: unverified
> to 172.27.0.30 via ge-0/0/1.0
[BGP/170] 00:06:17, localpref 100, from 172.27.255.3
AS path: 2087403078 65512 I, validation-state: unverified
> to 172.27.0.13 via ge-0/0/6.0

lab@R1> show route resolution unresolved


Tree Index 1
Tree Index 2
Tree Index 3
Tree Index 4

• R2:
lab@R2> show route 202.202/24

inet.0: 915 destinations, 3509 routes (915 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

202.202.0.0/24 *[BGP/170] 00:14:32, localpref 100, from 172.27.255.4


AS path: 2087403078 65512 I, validation-state: unverified
> to 172.27.0.1 via ge-0/0/1.0
[BGP/170] 00:11:33, localpref 100, from 172.27.255.3
AS path: 2087403078 65512 I, validation-state: unverified
> to 172.27.0.1 via ge-0/0/1.0
to 172.27.0.6 via ge-0/0/4.0

www.juniper.net BGP Implementation • Lab 6–25


JNCIE Service Provider Bootcamp
lab@R2> show route 150.150/24

inet.0: 915 destinations, 3509 routes (915 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

150.150.0.0/24 *[BGP/170] 00:15:25, localpref 100, from 172.27.255.4


AS path: 2087403078 I, validation-state: unverified
> to 172.27.0.1 via ge-0/0/1.0
[BGP/170] 00:12:27, localpref 100, from 172.27.255.3
AS path: 2087403078 I, validation-state: unverified
> to 172.27.0.1 via ge-0/0/1.0
to 172.27.0.6 via ge-0/0/4.0

lab@R2> show route resolution unresolved


Tree Index 1
Tree Index 2
Tree Index 3
Tree Index 4

• R3:
lab@R3> show route 111.111.1/24

inet.0: 914 destinations, 1805 routes (914 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

111.111.1.0/24 *[BGP/170] 00:15:49, localpref 100, from 172.27.255.1


AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.14 via ge-0/0/1.0
[BGP/170] 00:15:30, localpref 100, from 172.27.255.2
AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.14 via ge-0/0/1.0
to 172.27.0.18 via ge-0/0/2.0

lab@R3> show route 202.202/24

inet.0: 914 destinations, 1805 routes (914 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

202.202.0.0/24 *[BGP/170] 00:52:16, localpref 100


AS path: 2087403078 65512 I, validation-state: unverified
> to 172.27.0.62 via ge-0/0/5.0
[BGP/170] 00:16:09, localpref 100, from 172.27.255.1
AS path: 2087403078 65512 I, validation-state: unverified
> to 172.27.0.14 via ge-0/0/1.0
[BGP/170] 00:15:37, localpref 100, from 172.27.255.5
AS path: 65512 65512 I, validation-state: unverified
> to 172.27.0.25 via ge-0/0/3.0

lab@R3> show route resolution unresolved


Tree Index 1
Tree Index 2
Tree Index 3
Tree Index 4

Lab 6–26 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
• R4:
lab@R4> show route 111.111.1/24

inet.0: 913 destinations, 1804 routes (913 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

111.111.1.0/24 *[BGP/170] 00:16:44, localpref 100, from 172.27.255.1


AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.10 via ae0.0
[BGP/170] 00:16:25, localpref 100, from 172.27.255.2
AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.5 via ge-0/0/1.0

lab@R4> show route 202.202/24

inet.0: 913 destinations, 1804 routes (913 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

202.202.0.0/24 *[BGP/170] 00:17:22, localpref 100, from 172.27.255.1


AS path: 2087403078 65512 I, validation-state: unverified
> to 172.27.0.10 via ae0.0
[BGP/170] 00:14:23, localpref 100, from 172.27.255.3
AS path: 2087403078 65512 I, validation-state: unverified
> to 172.27.0.17 via ge-0/0/5.0
[BGP/170] 00:16:49, localpref 100, from 172.27.255.5
AS path: 65512 65512 I, validation-state: unverified
> to 172.27.0.22 via ge-0/0/4.0

lab@R4> show route 150.150/24

inet.0: 913 destinations, 1804 routes (913 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

150.150.0.0/24 *[BGP/170] 00:17:45, localpref 100, from 172.27.255.1


AS path: 2087403078 I, validation-state: unverified
> to 172.27.0.10 via ae0.0
[BGP/170] 00:14:46, localpref 100, from 172.27.255.3
AS path: 2087403078 I, validation-state: unverified
> to 172.27.0.17 via ge-0/0/5.0

lab@R4> show route resolution unresolved


Tree Index 1
Tree Index 2
Tree Index 3
Tree Index 4

• R5:
lab@R5> show route 111.111.1/24

inet.0: 916 destinations, 1818 routes (916 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

www.juniper.net BGP Implementation • Lab 6–27


JNCIE Service Provider Bootcamp
111.111.1.0/24 *[BGP/170] 00:18:10, localpref 100, from 172.27.255.3
AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.21 via ge-0/0/2.0
[BGP/170] 00:18:10, localpref 100, from 172.27.255.4
AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.21 via ge-0/0/2.0

lab@R5> show route 150.150/24

inet.0: 916 destinations, 1818 routes (916 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

150.150.0.0/24 *[BGP/170] 00:15:36, localpref 100, from 172.27.255.3


AS path: 2087403078 I, validation-state: unverified
> to 172.27.0.26 via ge-0/0/1.0
[BGP/170] 00:18:35, localpref 100, from 172.27.255.4
AS path: 2087403078 I, validation-state: unverified
> to 172.27.0.21 via ge-0/0/2.0

lab@R5> show route resolution unresolved


Tree Index 1
Tree Index 2
Tree Index 3
Tree Index 4

TASK 7
Routers C1 and C3 belong to the same customer, which uses IPv6
routing. Provide the communication between C1 and C3 over your AS.
Both C1 and C3 routers must be able to communicate with the Transit
routers T1 and T2 using IPv6. You must share IPv6 routes with the
Transit routers over your existing IPv4 peerings. You must use the
IPv4-compatible address on your peering from R1 to T1. You are
allowed to use the IPv4-mapped address on the peerings from R2. IPv6
packet forwarding in your AS is not permitted.
TASK INTERPRETATION
In this task, the IPv6 forwarding in your network is not allowed but communication must be
provided between C1, C3, T1, and T2. 6PE is the application that can be used to solve the
problem. 6PE requires the network running MPLS, which is preconfigured in your topology. Your
task now is to configure 6PE on the four PE routers servicing the IPv6 topology. You must also
ensure that IPv6 routes are shared over the IPv4 sessions.
TASK COMPLETION
Configure core-facing interfaces on R1, R2, R3, and R4 to support family inet6. Configure
AS-external interfaces on R1 and R2 to support family inet6 with the appropriate
IPv4-compatible or IPv4-mapped IPv6 addresses. Configure AS-external interfaces on R3 and R4
to support family inet6 with the IPv6 native addresses.
Configure IBGP on R1, R2, R3, R4 to support 6PE signaling. Configure EBGP on R1 and R2 to
support family IPv6. Configure EBGP on R3 and R4 as native IPv6 BGP.
Configure MPLS on R1, R2, R3, R4 to support IPv6 tunneling.

Lab 6–28 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
Configure R1’s IPv4 EBGP peering with T1 to use the accept-remote-nexthop option and
configure a policy that will change the next hop of the incoming IPv6 routes to your EBGP
neighbor address.
• R1:
lab@R1> configure
Entering configuration mode

[edit]
lab@R1# edit interfaces

[edit interfaces]
lab@R1# set ge-0/0/2 unit 0 family inet6 address ::172.27.0.33/126

[edit interfaces]
lab@R1# set ge-0/0/3 unit 0 family inet6

[edit interfaces]
lab@R1# set ge-0/0/6 unit 0 family inet6

[edit interfaces]
lab@R1# set ae0 unit 0 family inet6

[edit interfaces]
lab@R1# show ge-0/0/2
description "Connection to T1";
unit 0 {
family inet {
address 172.27.0.33/30;
}
family inet6 {
address ::172.27.0.33/126;
}
}

[edit interfaces]
lab@R1# show ge-0/0/3
description "Connection to R2";
unit 0 {
family inet {
address 172.27.0.1/30;
}
family inet6;
family mpls;
}

lab@R1# show ge-0/0/6


description "Connection to R3";
unit 0 {
family inet {
address 172.27.0.14/30;
}
family inet6;
family mpls;
}

www.juniper.net BGP Implementation • Lab 6–29


JNCIE Service Provider Bootcamp

[edit interfaces]
lab@R1# show ae0
description "Connection to R4";
aggregated-ether-options {
lacp {
active;
}
}
unit 0 {
family inet {
address 172.27.0.10/30;
}
family inet6;
family mpls;
}

[edit interfaces]
lab@R1# top

[edit]
lab@R1# set protocols bgp group cluster-1 family inet unicast

[edit]
lab@R1# set protocols bgp group cluster-1 family inet6 labeled-unicast
explicit-null

[edit]
lab@R1# show protocols bgp group cluster-1
type internal;
local-address 172.27.255.1;
family inet {
unicast;
}
family inet6 {
labeled-unicast {
explicit-null;
}
}
authentication-key "$9$v5P8xd24Zk.5bs.5QFAtM8X"; ## SECRET-DATA
export nhs;
neighbor 172.27.255.3;
neighbor 172.27.255.4;

[edit]
lab@R1# set protocols bgp group T1 accept-remote-nexthop

[edit]
lab@R1# set protocols bgp group T1 family inet unicast

[edit]
lab@R1# set protocols bgp group T1 family inet6 unicast

[edit]
lab@R1# show protocols bgp group T1

Lab 6–30 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
type external;
accept-remote-nexthop;
import accept-T1-ipv6;
family inet {
unicast;
}
family inet6 {
unicast;
}
peer-as 1342930876;
neighbor 172.27.0.34;

[edit]
lab@R1# edit policy-options policy-statement accept-T1-ipv6

[edit policy-options policy-statement accept-T1-ipv6]


lab@R1# set term 1 from protocol bgp

[edit policy-options policy-statement accept-T1-ipv6]


lab@R1# set term 1 from family inet6

[edit policy-options policy-statement accept-T1-ipv6]


lab@R1# set term 1 then next-hop ::172.27.0.34

[edit policy-options policy-statement accept-T1-ipv6]


lab@R1# set term 1 then accept

[edit policy-options policy-statement accept-T1-ipv6]


lab@R1# show
term 1 {
from {
family inet6;
protocol bgp;
}
then {
next-hop ::172.27.0.34;
accept;
}
}

[edit policy-options policy-statement accept-T1-ipv6]


lab@R1# top

[edit]
lab@R1# set protocols bgp group T1 import accept-T1-ipv6

[edit]
lab@R1# set protocols mpls ipv6-tunneling

[edit]
lab@R1# show protocols mpls
ipv6-tunneling;
interface ge-0/0/3.0;
interface ge-0/0/6.0;
interface ae0.0;

www.juniper.net BGP Implementation • Lab 6–31


JNCIE Service Provider Bootcamp

[edit]
lab@R1# commit and-quit

commit complete
Exiting configuration mode

lab@R1>

• R2:
lab@R2> configure
Entering configuration mode

[edit]
lab@R2# edit interfaces

[edit interfaces]
lab@R2# set ge-0/0/1 unit 0 family inet6

[edit interfaces]
lab@R2# set ge-0/0/2 unit 0 family inet6 address ::FFFF:172.27.0.37/126

[edit interfaces]
lab@R2# set ge-0/0/3 unit 0 family inet6 address ::FFFF:172.27.0.65/126

[edit interfaces]
lab@R2# set ge-0/0/4 unit 0 family inet6

[edit interfaces]
lab@R2# show ge-0/0/1
description "Connection to R1";
unit 0 {
family inet {
address 172.27.0.2/30;
}
family inet6;
family mpls;
}

[edit interfaces]
lab@R2# show ge-0/0/2
description "Connection to T2";
unit 0 {
family inet {
address 172.27.0.37/30;
}
family inet6 {
address ::ffff:172.27.0.37/126;
}
}

[edit interfaces]
lab@R2# show ge-0/0/3
description "Connection to T1";

Lab 6–32 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
unit 0 {
family inet {
address 172.27.0.65/30;
}
family inet6 {
address ::ffff:172.27.0.65/126;
}
}

[edit interfaces]
lab@R2# show ge-0/0/4
description "Connection to R4";
unit 0 {
family inet {
address 172.27.0.5/30;
}
family inet6;
family mpls;
}

[edit interfaces]
lab@R2# top

[edit]
lab@R2# set protocols bgp group cluster-1 family inet unicast

[edit]
lab@R2# set protocols bgp group cluster-1 family inet6 labeled-unicast
explicit-null

[edit]
lab@R2# show protocols bgp group cluster-1
type internal;
local-address 172.27.255.2;
family inet {
unicast;
}
family inet6 {
labeled-unicast {
explicit-null;
}
}
authentication-key "$9$AMDcuBElK8db2cyb24aiHtuO"; ## SECRET-DATA
export nhs;
neighbor 172.27.255.3;
neighbor 172.27.255.4;

[edit]
lab@R2# set protocols bgp group T1-T2 accept-remote-nexthop

[edit]
lab@R2# set protocols bgp group T1-T2 family inet unicast

[edit]
lab@R2# set protocols bgp group T1-T2 family inet6 unicast

www.juniper.net BGP Implementation • Lab 6–33


JNCIE Service Provider Bootcamp

[edit]
lab@R2# show protocols bgp group T1-T2
type external;
accept-remote-nexthop;
family inet {
unicast;
}
family inet6 {
unicast;
}
peer-as 1342930876;
multipath;
neighbor 172.27.0.66;
neighbor 172.27.0.38

[edit]
lab@R2# set protocols mpls ipv6-tunneling

[edit]
lab@R2# show protocols mpls
ipv6-tunneling;
interface ge-0/0/1.0;
interface ge-0/0/4.0;

[edit]
lab@R2# commit and-quit

commit complete
Exiting configuration mode

lab@R2>

• R3:
lab@R3> configure
Entering configuration mode

[edit]
lab@R3# edit interfaces

[edit interfaces]
lab@R3# set ge-0/0/1 unit 0 family inet6

[edit interfaces]
lab@R3# set ge-0/0/2 unit 0 family inet6

[edit interfaces]
lab@R3# set ge-0/0/3 unit 0 family inet6

[edit interfaces]
lab@R3# set ge-0/0/4 unit 0 family inet6 address 2008:4498::1/64

[edit interfaces]
lab@R3# show ge-0/0/1

Lab 6–34 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
description "Connection to R1";
unit 0 {
family inet {
address 172.27.0.13/30;
}
family inet6;
family mpls;
}

[edit interfaces]
lab@R3# show ge-0/0/2
description "Connection to R4";
unit 0 {
family inet {
address 172.27.0.17/30;
}
family inet6;
family mpls;
}

[edit interfaces]
lab@R3# show ge-0/0/3
description "Connection to R5";
unit 0 {
family inet {
address 172.27.0.26/30;
}
family inet6;
family mpls;
}

[edit interfaces]
lab@R3# show ge-0/0/4
description "Connection to C1";
unit 0 {
family inet6 {
address 2008:4498::1/64;
}
}

[edit interfaces]
lab@R3# top

[edit]
lab@R3# set protocols bgp group cluster-1 family inet unicast

[edit]
lab@R3# set protocols bgp group cluster-1 family inet6 labeled-unicast
explicit-null

[edit]
lab@R3# show protocols bgp group cluster-1
type internal;
local-address 172.27.255.3;
family inet {

www.juniper.net BGP Implementation • Lab 6–35


JNCIE Service Provider Bootcamp
unicast;
}
family inet6 {
labeled-unicast {
explicit-null;
}
}
authentication-key "$9$XeSNVYJGifT3goT369OBxNd"; ## SECRET-DATA
export nhs;
cluster 0.0.0.1;
neighbor 172.27.255.1;
neighbor 172.27.255.2;
neighbor 172.27.255.5;

[edit]
lab@R3# set protocols bgp group internal family inet unicast

[edit]
lab@R3# set protocols bgp group internal family inet6 labeled-unicast explicit-null

[edit]
lab@R3# show protocols bgp group internal
type internal;
local-address 172.27.255.3;
family inet {
unicast;
}
family inet6 {
labeled-unicast {
explicit-null;
}
}
authentication-key "$9$j9kmT69pRhrz3hrev7Nik."; ## SECRET-DATA
export nhs;
neighbor 172.27.255.4;

[edit]
lab@R3# set protocols bgp group C1 type external

[edit]
lab@R3# set protocols bgp group C1 peer-as 65432

[edit]
lab@R3# set protocols bgp group C1 as-override

[edit]
lab@R3# set protocols bgp group C1 neighbor 2008:4498::2

[edit]
lab@R3# show protocols bgp group C1
type external;
peer-as 65432;
as-override;
neighbor 2008:4498::2;

Lab 6–36 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
[edit]
lab@R3# set protocols mpls ipv6-tunneling

[edit]
lab@R3# show protocols mpls
ipv6-tunneling;
interface ge-0/0/1.0;
interface ge-0/0/2.0;
interface ge-0/0/3.0;

[edit]
lab@R3# commit and-quit

commit complete
Exiting configuration mode

lab@R3>

• R4:
lab@R4> configure
Entering configuration mode

[edit]
lab@R4# edit interfaces

[edit interfaces]
lab@R4# set ge-0/0/1 unit 0 family inet6

[edit interfaces]
lab@R4# set ge-0/0/2 unit 0 family inet6 address 2008:4498:0:1::1/64

[edit interfaces]
lab@R4# set ge-0/0/4 unit 0 family inet6

[edit interfaces]
lab@R4# set ge-0/0/5 unit 0 family inet6

[edit interfaces]
lab@R4# set ae0 unit 0 family inet6

[edit interfaces]
lab@R4# show ge-0/0/1
description "Connection to R2";
unit 0 {
family inet {
address 172.27.0.6/30;
}
family inet6;
family mpls;
}

[edit interfaces]
lab@R4# show ge-0/0/2
description "Connection to C3";

www.juniper.net BGP Implementation • Lab 6–37


JNCIE Service Provider Bootcamp
unit 0 {
family inet6 {
address 2008:4498:0:1::1/64;
}
}

[edit interfaces]
lab@R4# show ge-0/0/4
description "Connection to R5";
unit 0 {
family inet {
address 172.27.0.21/30;
}
family inet6;
family mpls;
}

[edit interfaces]
lab@R4# show ge-0/0/5
description "Connection to R3";
unit 0 {
family inet {
address 172.27.0.18/30;
}
family inet6;
family mpls;
}

[edit interfaces]
lab@R4# show ae0
description "Connection to R1";
aggregated-ether-options {
lacp {
passive;
}
}
unit 0 {
family inet {
address 172.27.0.9/30;
}
family inet6;
family mpls;
}

[edit interfaces]
lab@R4# top

[edit]
lab@R4# set protocols bgp group cluster-1 family inet unicast

[edit]
lab@R4# set protocols bgp group cluster-1 family inet6 labeled-unicast
explicit-null

Lab 6–38 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
[edit]
lab@R4# show protocols bgp group cluster-1
type internal;
local-address 172.27.255.4;
family inet {
unicast;
}
family inet6 {
labeled-unicast {
explicit-null;
}
}
authentication-key "$9$U3iqf36A1RSTzRSreXxDik"; ## SECRET-DATA
cluster 0.0.0.1;
neighbor 172.27.255.1;
neighbor 172.27.255.2;
neighbor 172.27.255.5;

[edit]
lab@R4# set protocols bgp group internal family inet unicast

[edit]
lab@R4# set protocols bgp group internal family inet6 labeled-unicast
explicit-null

[edit]
lab@R4# show protocols bgp group internal
type internal;
local-address 172.27.255.4;
family inet {
unicast;
}
family inet6 {
labeled-unicast {
explicit-null;
}
}
authentication-key "$9$EFaSlM7-waZj8XZjHqQzhSr"; ## SECRET-DATA
neighbor 172.27.255.3;

[edit]
lab@R4# set protocols bgp group C3 type external

[edit]
lab@R4# set protocols bgp group C3 peer-as 65432

[edit]
lab@R4# set protocols bgp group C3 as-override

[edit]
lab@R4# set protocols bgp group C3 neighbor 2008:4498:0:1::2

[edit]
lab@R4# show protocols bgp group C3
type external;

www.juniper.net BGP Implementation • Lab 6–39


JNCIE Service Provider Bootcamp
peer-as 65432;
as-override;
neighbor 2008:4498:0:1::2;

[edit]
lab@R4# set protocols mpls ipv6-tunneling

[edit]
lab@R4# show protocols mpls
ipv6-tunneling;
interface ge-0/0/1.0;
interface ge-0/0/4.0;
interface ge-0/0/5.0;
interface ae0.0;

[edit]
lab@R4# commit and-quit

commit complete
Exiting configuration mode

lab@R4>

TASK VERIFICATION
Verify that BGP sessions with family inet6 support are established successfully.
Verify that IPv4-mapped IPv6 loopback addresses are reachable in inet6.3 table.
Verify that R1, R2, R3, and R4 exchange IPv6 routes.
• R1:
lab@R1> show bgp summary
Groups: 3 Peers: 4 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 930 895 0 0 0 0
inet6.0 65 33 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.0.30 2087403078 455 1393 0 0 3:27:21 24/
24/24/0 0/0/0/0
172.27.0.34 1342930876 583 177 0 0 1:17:52 Establ
inet.0: 860/860/860/0
inet6.0: 1/1/1/0
172.27.255.3 3895077211 84 491 0 1 34:26 Establ
inet.0: 11/35/35/0
inet6.0: 16/32/32/0
172.27.255.4 3895077211 46 455 0 1 18:07 Establ
inet.0: 0/11/11/0
inet6.0: 16/32/32/0

lab@R1> show route table inet6.3

inet6.3: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

Lab 6–40 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
::ffff:172.27.255.2/128
*[LDP/20] 01:19:19, metric 10
> to 172.27.0.2 via ge-0/0/3.0
::ffff:172.27.255.3/128
*[LDP/20] 01:19:19, metric 10
> to 172.27.0.13 via ge-0/0/6.0
::ffff:172.27.255.4/128
*[LDP/20] 01:19:19, metric 5
> to 172.27.0.9 via ae0.0
::ffff:172.27.255.5/128
*[LDP/20] 01:19:19, metric 15
> to 172.27.0.9 via ae0.0, Push 299776

lab@R1> show route receive-protocol bgp 172.27.0.34 table inet6.0

inet6.0: 40 destinations, 75 routes (40 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* ::/0 ::ffff:172.27.0.34 1342930876 I

lab@R1> show route advertising-protocol bgp 172.27.0.34 table inet6.0


2008:4498:1::/64

inet6.0: 40 destinations, 75 routes (40 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 2008:4498:1::/64 Self 65432 I

lab@R1> show route advertising-protocol bgp 172.27.0.34 table inet6.0


2008:4498:2::/64

inet6.0: 40 destinations, 75 routes (40 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 2008:4498:2::/64 Self 65432 I

lab@R1> show route advertising-protocol bgp 172.27.255.3 table inet6.0

inet6.0: 40 destinations, 75 routes (40 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* ::/0 Self 100 1342930876 I

lab@R1> show route advertising-protocol bgp 172.27.255.4 table inet6.0

inet6.0: 40 destinations, 75 routes (40 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* ::/0 Self 100 1342930876 I

• R2:
lab@R2> show bgp summary
Groups: 2 Peers: 4 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 3489 1745 0 0 0 0
inet6.0 68 34 0 0 0 0

www.juniper.net BGP Implementation • Lab 6–41


JNCIE Service Provider Bootcamp
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.0.38 1342930876 615 137 0 0 59:31 Establ
inet.0: 861/861/861/0
inet6.0: 1/1/1/0
172.27.0.66 1342930876 543 137 0 0 59:34 Establ
inet.0: 860/860/860/0
inet6.0: 1/1/1/0
172.27.255.3 3895077211 517 512 0 1 44:55 Establ
inet.0: 0/884/884/0
inet6.0: 16/33/33/0
172.27.255.4 3895077211 481 476 0 1 28:36 Establ
inet.0: 24/884/884/0
inet6.0: 16/33/33/0

lab@R2> show route table inet6.3

inet6.3: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

::ffff:172.27.255.1/128
*[LDP/20] 01:00:08, metric 10
> to 172.27.0.1 via ge-0/0/1.0
::ffff:172.27.255.3/128
*[LDP/20] 01:00:08, metric 20
to 172.27.0.6 via ge-0/0/4.0, Push 299792
> to 172.27.0.1 via ge-0/0/1.0, Push 299808
::ffff:172.27.255.4/128
*[LDP/20] 01:00:08, metric 10
> to 172.27.0.6 via ge-0/0/4.0
::ffff:172.27.255.5/128
*[LDP/20] 01:00:08, metric 20
> to 172.27.0.6 via ge-0/0/4.0, Push 299776

lab@R2> show route receive-protocol bgp 172.27.0.66 table inet6.0

inet6.0: 42 destinations, 80 routes (42 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* ::/0 ::ffff:172.27.0.66 1342930876 I

lab@R2> show route receive-protocol bgp 172.27.0.38 table inet6.0

inet6.0: 42 destinations, 80 routes (42 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
::/0 ::ffff:172.27.0.38 1342930876 I

lab@R2> show route advertising-protocol bgp 172.27.0.66 table inet6.0


2008:4498:1::/64

inet6.0: 42 destinations, 80 routes (42 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 2008:4498:1::/64 Self 65432 I

lab@R2> show route advertising-protocol bgp 172.27.0.66 table inet6.0


2008:4498:2::/64

Lab 6–42 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp

inet6.0: 42 destinations, 80 routes (42 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 2008:4498:2::/64 Self 65432 I

lab@R2> show route advertising-protocol bgp 172.27.0.38 table inet6.0


2008:4498:1::/64

inet6.0: 42 destinations, 80 routes (42 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 2008:4498:1::/64 Self 65432 I

lab@R2> show route advertising-protocol bgp 172.27.0.38 table inet6.0


2008:4498:2::/64

inet6.0: 42 destinations, 80 routes (42 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 2008:4498:2::/64 Self 65432 I

lab@R2> show route advertising-protocol bgp 172.27.255.3 table inet6.0

inet6.0: 42 destinations, 80 routes (42 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* ::/0 Self 100 1342930876 I

lab@R2> show route advertising-protocol bgp 172.27.255.4 table inet6.0

inet6.0: 42 destinations, 80 routes (42 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* ::/0 Self 100 1342930876 I

• R3:
lab@R3> show bgp summary
Groups: 4 Peers: 6 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 1786 895 0 0 0 0
inet6.0 34 33 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.0.62 2087403078 470 1423 0 0 3:35:12 24/
24/24/0 0/0/0/0
172.27.255.1 3895077211 527 119 0 0 50:49 Establ
inet.0: 860/884/884/0
inet6.0: 1/1/1/0
172.27.255.2 3895077211 525 529 0 0 50:45 Establ
inet.0: 11/871/871/0
inet6.0: 0/1/1/0
172.27.255.4 3895077211 550 548 0 1 34:18 Establ
inet.0: 0/0/0/0
inet6.0: 16/16/16/0
172.27.255.5 3895077211 113 527 0 0 50:41 Establ
inet.0: 0/7/7/0
2008:4498::2 65432 112 116 0 0 50:33 Establ
inet6.0: 16/16/16/0

www.juniper.net BGP Implementation • Lab 6–43


JNCIE Service Provider Bootcamp

lab@R3> show route table inet6.3

inet6.3: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

::ffff:172.27.255.1/128
*[LDP/20] 00:51:15, metric 10
> to 172.27.0.14 via ge-0/0/1.0
::ffff:172.27.255.2/128
*[LDP/20] 00:51:15, metric 20
> to 172.27.0.14 via ge-0/0/1.0, Push 299824
to 172.27.0.18 via ge-0/0/2.0, Push 299824
::ffff:172.27.255.4/128
*[LDP/20] 00:51:15, metric 10
> to 172.27.0.18 via ge-0/0/2.0
::ffff:172.27.255.5/128
*[LDP/20] 00:51:15, metric 10
> to 172.27.0.25 via ge-0/0/3.0

lab@R3> show route advertising-protocol bgp 2008:4498::2 2008:4498:2::/64

inet6.0: 40 destinations, 44 routes (40 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 2008:4498:2::/64 Self 3895077211 I

lab@R3> show route advertising-protocol bgp 2008:4498::2 ::/0 exact

inet6.0: 40 destinations, 44 routes (40 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* ::/0 Self 1342930876 I

• R4:
lab@R4> show bgp summary
Groups: 3 Peers: 5 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 1786 895 0 0 0 0
inet6.0 34 33 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.255.1 3895077211 499 89 0 0 37:58 Establ
inet.0: 884/884/884/0
inet6.0: 1/1/1/0
172.27.255.2 3895077211 497 501 0 0 37:54 Establ
inet.0: 11/871/871/0
inet6.0: 0/1/1/0
172.27.255.3 3895077211 555 556 0 0 37:46 Establ
inet.0: 0/24/24/0
inet6.0: 16/16/16/0
172.27.255.5 3895077211 85 499 0 0 37:50 Establ
inet.0: 0/7/7/0
2008:4498:0:1::2 65432 84 88 0 0 37:42 Establ
inet6.0: 16/16/16/0

Lab 6–44 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
lab@R4> show route table inet6.3

inet6.3: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

::ffff:172.27.255.1/128
*[LDP/20] 00:38:23, metric 5
> to 172.27.0.10 via ae0.0
::ffff:172.27.255.2/128
*[LDP/20] 00:38:23, metric 10
> to 172.27.0.5 via ge-0/0/1.0
::ffff:172.27.255.3/128
*[LDP/20] 00:38:23, metric 10
> to 172.27.0.17 via ge-0/0/5.0
::ffff:172.27.255.5/128
*[LDP/20] 00:38:23, metric 10
> to 172.27.0.22 via ge-0/0/4.0

lab@R4> show route advertising-protocol bgp 2008:4498:0:1::2 2008:4498:1::/64

inet6.0: 41 destinations, 46 routes (41 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 2008:4498:1::/64 Self 3895077211 I

lab@R4> show route advertising-protocol bgp 2008:4498:0:1::2 ::/0 exact

inet6.0: 41 destinations, 46 routes (41 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* ::/0 Self 1342930876 I

TASK 8
The direct IPv6 routes on C1-R3 and C3-R4 links must be reachable
from the Customer remote routers C3 and C1 respectively.
TASK INTERPRETATION
You must apply a redistribution policy at R3 and R4.
TASK COMPLETION
• R3:
lab@R3> configure
Entering configuration mode

[edit]
lab@R3# edit policy-options policy-statement IPv6-direct

[edit policy-options policy-statement IPv6-direct]


lab@R3# set term 1 from protocol direct

[edit policy-options policy-statement IPv6-direct]


lab@R3# set term 1 from route-filter 2008:4498::/64 exact

[edit policy-options policy-statement IPv6-direct]


lab@R3# set term 1 then accept

www.juniper.net BGP Implementation • Lab 6–45


JNCIE Service Provider Bootcamp

[edit policy-options policy-statement IPv6-direct]


lab@R3# show
term 1 {
from {
protocol direct;
route-filter 2008:4498::/64 exact;
}
then accept;
}

[edit policy-options policy-statement IPv6-direct]


lab@R3# top

[edit]
lab@R3# set protocols bgp group internal export IPv6-direct

[edit]
lab@R3# show protocols bgp group internal
type internal;
local-address 172.27.255.3;
family inet {
unicast;
}
family inet6 {
labeled-unicast {
explicit-null;
}
}
authentication-key "$9$j9kmT69pRhrz3hrev7Nik."; ## SECRET-DATA
export [ nhs IPv6-direct ];
neighbor 172.27.255.4;

[edit]
lab@R3# commit and-quit

commit complete
Exiting configuration mode

lab@R3>

• R4:
lab@R4> configure
Entering configuration mode

[edit]
lab@R4# edit policy-options policy-statement IPv6-direct

[edit policy-options policy-statement IPv6-direct]


lab@R4# set term 1 from protocol direct

[edit policy-options policy-statement IPv6-direct]


lab@R4# set term 1 from route-filter 2008:4498:0:1::/64 exact

Lab 6–46 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
[edit policy-options policy-statement IPv6-direct]
lab@R4# set term 1 then accept

[edit policy-options policy-statement IPv6-direct]


lab@R4# show
term 1 {
from {
protocol direct;
route-filter 2008:4498:0:1::/64 exact;
}
then accept;
}

[edit policy-options policy-statement IPv6-direct]


lab@R4# top

[edit]
lab@R4# set protocols bgp group internal export IPv6-direct

[edit]
lab@R4# show protocols bgp group internal
type internal;
local-address 172.27.255.4;
family inet {
unicast;
}
family inet6 {
labeled-unicast {
explicit-null;
}
}
authentication-key "$9$EFaSlM7-waZj8XZjHqQzhSr"; ## SECRET-DATA
export IPv6-direct;
neighbor 172.27.255.3;

[edit]
lab@R4# commit and-quit

commit complete
Exiting configuration mode

lab@R4>

TASK VERIFICATION
Verify that the redistribution policy is applied at R3 and R4.
• R3:
lab@R3> show route advertising-protocol bgp 2008:4498::2 2008:4498:0:1::/64

inet6.0: 41 destinations, 45 routes (41 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 2008:4498:0:1::/64 Self I

lab@R3> show route advertising-protocol bgp 172.27.255.4 2008:4498::/64

www.juniper.net BGP Implementation • Lab 6–47


JNCIE Service Provider Bootcamp

inet6.0: 41 destinations, 45 routes (41 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 2008:4498::/64 Self 100 I

lab@R3> ping inet6 2008:4498:0:1::2 source 2008:4498::1 count 2


PING6(56=40+8+8 bytes) 2008:4498::1 --> 2008:4498:0:1::2
16 bytes from 2008:4498:0:1::2, icmp_seq=0 hlim=63 time=7.860 ms
16 bytes from 2008:4498:0:1::2, icmp_seq=1 hlim=63 time=7.825 ms

--- 2008:4498:0:1::2 ping6 statistics ---


2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/std-dev = 7.825/7.843/7.860/0.018 ms

• R4:
lab@R4> show route advertising-protocol bgp 2008:4498:0:1::2 2008:4498::/64

inet6.0: 42 destinations, 47 routes (42 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 2008:4498::/64 Self I

lab@R4> show route advertising-protocol bgp 172.27.255.3 2008:4498:0:1::/64

inet6.0: 42 destinations, 47 routes (42 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 2008:4498:0:1::/64 Self 100 I

lab@R4> ping inet6 2008:4498::2 source 2008:4498:0:1::1 count 2


PING6(56=40+8+8 bytes) 2008:4498:0:1::1 --> 2008:4498::2
16 bytes from 2008:4498::2, icmp_seq=0 hlim=63 time=13.861 ms
16 bytes from 2008:4498::2, icmp_seq=1 hlim=63 time=13.609 ms

--- 2008:4498::2 ping6 statistics ---


2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/std-dev = 13.609/13.735/13.861/0.126 ms

TASK 9
Ensure that no more than 12 prefixes are accepted from Customer
routers C1 and C3. If this limit is exceeded the router should
generate the syslog message but the session should remain active.
TASK INTERPRETATION
When prefix limit is configured in BGP, the default action is to generate the syslog message,
therefore you must configure only the limit, without specifying other options.
TASK COMPLETION
• R3:
lab@R3> configure
Entering configuration mode

Lab 6–48 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
[edit]
lab@R3# set protocols bgp group C1 family inet6 unicast prefix-limit maximum 12

[edit]
lab@R3# show protocols bgp group C1
type external;
family inet6 {
unicast {
prefix-limit {
maximum 12;
}
}
}
peer-as 65432;
as-override;
neighbor 2008:4498::2;

[edit]
lab@R3# commit and-quit

commit complete
Exiting configuration mode

lab@R3>

• R4:
lab@R4> configure
Entering configuration mode

[edit]
lab@R4# set protocols bgp group C3 family inet6 unicast prefix-limit maximum 12

[edit]
lab@R4# show protocols bgp group C3
type external;
family inet6 {
unicast {
prefix-limit {
maximum 12;
}
}
}
peer-as 65432;
as-override;
neighbor 2008:4498:0:1::2;

[edit]
lab@R4# commit and-quit

commit complete
Exiting configuration mode

lab@R4>

www.juniper.net BGP Implementation • Lab 6–49


JNCIE Service Provider Bootcamp
TASK VERIFICATION
Verify that you have correctly configured the prefix limit.
• R3:
lab@R3> show log messages | match "Configured maximum"
Jan 26 15:00:23 R3 rpd[1273]: 2008:4498::2 (External AS 65432): Configured maximum
prefix-limit(12) exceeded for inet6-unicast nlri: 16

• R4:
lab@R4> show log messages | match "Configured maximum"
Jan 26 15:00:52 R4 rpd[1267]: 2008:4498:0:1::2 (External AS 65432): Configured
maximum prefix-limit(12) exceeded for inet6-unicast nlri: 16

TASK 10
All BGP sessions state changes should be logged to syslog.
TASK INTERPRETATION
The task is fairly straight forward. You must configure the log-updown option under the BGP
protocol for every router.
TASK COMPLETION
• R1:
lab@R1> configure
Entering configuration mode

[edit]
lab@R1# set protocols bgp log-updown

[edit]
lab@R1# commit and-quit

commit complete
Exiting configuration mode

lab@R1>

• R2:
lab@R2> configure
Entering configuration mode

[edit]
lab@R2# set protocols bgp log-updown

[edit]
lab@R2# commit and-quit

commit complete
Exiting configuration mode

lab@R2>
Lab 6–50 • BGP Implementation www.juniper.net
JNCIE Service Provider Bootcamp
• R3:
lab@R3> configure
Entering configuration mode

[edit]
lab@R3# set protocols bgp log-updown

[edit]
lab@R3# commit and-quit

commit complete
Exiting configuration mode

lab@R3>

• R4:
lab@R4> configure
Entering configuration mode

[edit]
lab@R4# set protocols bgp log-updown

[edit]
lab@R4# commit and-quit

commit complete
Exiting configuration mode

lab@R4>

• R5:
lab@R5> configure
Entering configuration mode

[edit]
lab@R5# set protocols bgp log-updown

[edit]
lab@R5# commit and-quit

commit complete
Exiting configuration mode

lab@R5>

TASK VERIFICATION
Verify that all BGP sessions state changes are logged to syslog.
• R1:
lab@R1> clear bgp neighbor
Cleared 4 connections

www.juniper.net BGP Implementation • Lab 6–51


JNCIE Service Provider Bootcamp

lab@R1> show log messages | match RPD_BGP_NEIGHBOR_STATE_CHANGED


Jan 26 17:11:17 R1 rpd[1058]: RPD_BGP_NEIGHBOR_STATE_CHANGED: BGP peer
172.27.255.3 (Internal AS 3895077211) changed state from Established to Idle
(event Stop)
Jan 26 17:11:17 R1 rpd[1058]: RPD_BGP_NEIGHBOR_STATE_CHANGED: BGP peer
172.27.255.4 (Internal AS 3895077211) changed state from Established to Idle
(event Stop)
Jan 26 17:11:17 R1 rpd[1058]: RPD_BGP_NEIGHBOR_STATE_CHANGED: BGP peer 172.27.0.34
(External AS 1342930876) changed state from Established to Idle (event Stop)
Jan 26 17:11:17 R1 rpd[1058]: RPD_BGP_NEIGHBOR_STATE_CHANGED: BGP peer 172.27.0.30
(External AS 2087403078) changed state from Established to Idle (event Stop)

Note
The next several steps are comprised of
policy tasks. To most efficiently implement
the BGP policy tasks, we will discuss each
policy task in a separate step, however, the
tasks will be completed together in a later
step.

TASK 11
Implement an export policy that affects incoming traffic from
Transit routers. Traffic should enter your network through the T1
router.
TASK INTERPRETATION
The prefixes advertised by R2 to T2 should look inferior to the ones advertised by R1 and R2 to
T1. Routers to apply the policy: R2.
TASK 12
Implement an import policy for the Transit routers that ensures the
outbound IPv4 traffic exits your AS at the R2 router.
TASK INTERPRETATION
The prefixes received from T1 and T2 should be advertised to IBGP neighbors with better
preference by R2. Routers to apply the policy: R2.
TASK 13
Ensure that the traffic going to the destinations advertised by the
P router prefers R3 as the exit point.
TASK INTERPRETATION
The task is straightforward. Routers to apply the policy: R3.
TASK 14
Routes received from the P router should not be advertised to T1 or
T2 or vise-versa.

Lab 6–52 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
TASK INTERPRETATION
The task is straightforward. Routers to apply the policy: R1, R2, R3.
TASK 15
Using BGP standard communities ensure that it is possible to
differentiate between the EBGP neighbors where the external IPv4
prefixes were received from.
TASK INTERPRETATION
The task is straightforward. Routers to apply the policy: R1, R2, R3, R5.
TASK 16
Advertise a summary route representing local AS IPv4 range to the
Peer (P), Transit provider (T1 and T2) and the C2 Customer.
TASK INTERPRETATION
The task is straightforward. Routers to apply the policy: R1, R2, R3, R5.
TASK 17
Advertise a summary route representing local AS IPv6 range to the
Transit provider, no other IPv6 routes may be advertised to the T1
and T2 routers.
TASK INTERPRETATION
The task is straightforward. Routers to apply the policy: R1, R2.
TASK 18
Do not accept IPv4 routes that have a mask shorter than /8 or longer
than /24 from the Peer and Transit providers.
TASK INTERPRETATION
The task is straightforward. Routers to apply the policy: R1, R2, R3.
TASK 19
If the same route is learned directly from the C2 Customer, it
should always be preferred to the same prefix learned from either a
Peer or a Transit router.
TASK INTERPRETATION
C2 prefixes may be advertised indirectly to your AS. You should not rely on AS path length. R5
should advertise the C2 prefixes to IBGP neighbors with better preference. Routers to apply the
policy: R5.

www.juniper.net BGP Implementation • Lab 6–53


JNCIE Service Provider Bootcamp
.
Note
We recommend that you approach the BGP
routing policy design tasks, consisting of
many individual elements, as a single
integrated task. This approach allows you
to better design and implement your policy
structure.

Note
The example solution provided in this
section is one of several possible
approaches. You can accomplish the task
by designing your policies in different way.

TASK COMPLETION
• R1:
lab@R1> configure
Entering configuration mode

[edit]
lab@R1# edit routing-options

[edit routing-options]
lab@R1# set rib inet6.0 aggregate route 2008:4498::/32

[edit routing-options]
lab@R1# set aggregate route 172.27.0.0/16

[edit routing-options]
lab@R1# show
rib inet6.0 {
aggregate {
route 2008:4498::/32;
}
}
aggregate {
route 172.27.0.0/16;
}
router-id 172.27.255.1;
autonomous-system 3895077211;

[edit routing-options]
lab@R1# top edit policy-options

[edit policy-options]
lab@R1# set community C2-routes members 7211:65512

[edit policy-options]
lab@R1# set community P-routes members 7211:1111

Lab 6–54 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp

[edit policy-options]
lab@R1# set community T1-routes members 7211:2222

[edit policy-options]
lab@R1# set community T2-routes members 7211:3333

[edit policy-options]
lab@R1# edit policy-statement from-T1

[edit policy-options policy-statement from-T1]


lab@R1# set term 1 from route-filter 0.0.0.0/0 prefix-length-range /8-/24

[edit policy-options policy-statement from-T1]


lab@R1# set term 1 to rib inet.0

[edit policy-options policy-statement from-T1]


lab@R1# set term 1 then community add T1-routes

[edit policy-options policy-statement from-T1]


lab@R1# set term 1 then accept

[edit policy-options policy-statement from-T1]


lab@R1# set term 2 to rib inet6.0

[edit policy-options policy-statement from-T1]


lab@R1# set term 2 then accept

[edit policy-options policy-statement from-T1]


lab@R1# set term 3 then reject

[edit policy-options policy-statement from-T1]


lab@R1# show
term 1 {
from {
route-filter 0.0.0.0/0 prefix-length-range /8-/24;
}
to rib inet.0;
then {
community add T1-routes;
accept;
}
}
term 2 {
to rib inet6.0;
then accept;
}
term 3 {
then reject;
}

[edit policy-options policy-statement from-T1]


lab@R1# up

www.juniper.net BGP Implementation • Lab 6–55


JNCIE Service Provider Bootcamp
[edit policy-options]
lab@R1# edit policy-statement to-T1

[edit policy-options policy-statement to-T1]


lab@R1# set term 1 from protocol aggregate

[edit policy-options policy-statement to-T1]


lab@R1# set term 1 from route-filter 172.27.0.0/16 exact

[edit policy-options policy-statement to-T1]


lab@R1# set term 1 then accept

[edit policy-options policy-statement to-T1]


lab@R1# set term 2 from protocol aggregate

[edit policy-options policy-statement to-T1]


lab@R1# set term 2 from rib inet6.0

[edit policy-options policy-statement to-T1]


lab@R1# set term 2 from route-filter 2008:4498::/32 exact

[edit policy-options policy-statement to-T1]


lab@R1# set term 2 then accept

[edit policy-options policy-statement to-T1]


lab@R1# set term 3 from rib inet6.0

[edit policy-options policy-statement to-T1]


lab@R1# set term 3 from route-filter 2008:4498::/32 longer

[edit policy-options policy-statement to-T1]


lab@R1# set term 3 then reject

[edit policy-options policy-statement to-T1]


lab@R1# set term 4 from protocol bgp

[edit policy-options policy-statement to-T1]


lab@R1# set term 4 from community P-routes

[edit policy-options policy-statement to-T1]


lab@R1# set term 4 then reject

[edit policy-options policy-statement to-T1]


lab@R1# show
term 1 {
from {
protocol aggregate;
route-filter 172.27.0.0/16 exact;
}
then accept;
}
term 2 {
from {
protocol aggregate;
rib inet6.0;

Lab 6–56 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
route-filter 2008:4498::/32 exact;
}
then accept;
}
term 3 {
from {
rib inet6.0;
route-filter 2008:4498::/32 longer;
}
then reject;
}
term 4 {
from {
protocol bgp;
community P-routes;
}
then reject;
}

[edit policy-options policy-statement to-T1]


lab@R1# up

[edit policy-options]
lab@R1# edit policy-statement from-P

[edit policy-options policy-statement from-P]


lab@R1# set term 1 from route-filter 0.0.0.0/0 prefix-length-range /8-/24

[edit policy-options policy-statement from-P]


lab@R1# set term 1 then community add P-routes

[edit policy-options policy-statement from-P]


lab@R1# set term 1 then accept

[edit policy-options policy-statement from-P]


lab@R1# set term 2 then reject

[edit policy-options policy-statement from-P]


lab@R1# show
term 1 {
from {
route-filter 0.0.0.0/0 prefix-length-range /8-/24;
}
then {
community add P-routes;
accept;
}
}
term 2 {
then reject;
}

[edit policy-options policy-statement from-P]


lab@R1# up

www.juniper.net BGP Implementation • Lab 6–57


JNCIE Service Provider Bootcamp
[edit policy-options]
lab@R1# edit policy-statement to-P

[edit policy-options policy-statement to-P]


lab@R1# set term 1 from protocol aggregate

[edit policy-options policy-statement to-P]


lab@R1# set term 1 from route-filter 172.27.0.0/16 exact

[edit policy-options policy-statement to-P]


lab@R1# set term 1 then accept

[edit policy-options policy-statement to-P]


lab@R1# set term 2 from protocol bgp

[edit policy-options policy-statement to-P]


lab@R1# set term 2 from community T1-routes

[edit policy-options policy-statement to-P]


lab@R1# set term 2 from community T2-routes

[edit policy-options policy-statement to-P]


lab@R1# set term 2 then reject

[edit policy-options policy-statement to-P]


lab@R1# show
term 1 {
from {
protocol aggregate;
route-filter 172.27.0.0/16 exact;
}
then accept;
}
term 2 {
from {
protocol bgp;
community [ T1-routes T2-routes ];
}
then reject;
}

[edit policy-options policy-statement to-P]


lab@R1# top

[edit]
lab@R1# set protocols bgp group T1 import from-T1

[edit]
lab@R1# set protocols bgp group T1 export to-T1

[edit]
lab@R1# set protocols bgp group P import from-P

[edit]
lab@R1# set protocols bgp group P export to-P

Lab 6–58 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp

[edit]
lab@R1# commit and-quit

commit complete
Exiting configuration mode

lab@R1>

• R2:
lab@R2> configure
Entering configuration mode

[edit]
lab@R2# edit routing-options

[edit routing-options]
lab@R2# set rib inet6.0 aggregate route 2008:4498::/32

[edit routing-options]
lab@R2# set aggregate route 172.27.0.0/16

[edit routing-options]
lab@R2# show
rib inet6.0 {
aggregate {
route 2008:4498::/32;
}
}
aggregate {
route 172.27.0.0/16;
}
router-id 172.27.255.2;
autonomous-system 3895077211;

[edit routing-options]
lab@R2# top edit policy-options

[edit policy-options]
lab@R2# set community C2-routes members 7211:65512

[edit policy-options]
lab@R2# set community P-routes members 7211:1111

[edit policy-options]
lab@R2# set community T1-routes members 7211:2222

[edit policy-options]
lab@R2# set community T2-routes members 7211:3333

[edit policy-options]
lab@R2# edit policy-statement from-T1

www.juniper.net BGP Implementation • Lab 6–59


JNCIE Service Provider Bootcamp
[edit policy-options policy-statement from-T1]
lab@R2# set term 1 from route-filter 0.0.0.0/0 prefix-length-range /8-/24

[edit policy-options policy-statement from-T1]


lab@R2# set term 1 to rib inet.0

[edit policy-options policy-statement from-T1]


lab@R2# set term 1 then local-preference 200

[edit policy-options policy-statement from-T1]


lab@R2# set term 1 then community add T1-routes

[edit policy-options policy-statement from-T1]


lab@R2# set term 1 then accept

[edit policy-options policy-statement from-T1]


lab@R2# set term 2 to rib inet6.0

[edit policy-options policy-statement from-T1]


lab@R2# set term 2 then accept

[edit policy-options policy-statement from-T1]


lab@R2# set term 3 then reject

[edit policy-options policy-statement from-T1]


lab@R2# show
term 1 {
from {
route-filter 0.0.0.0/0 prefix-length-range /8-/24;
}
to rib inet.0;
then {
local-preference 200;
community add T1-routes;
accept;
}
}
term 2 {
to rib inet6.0;
then accept;
}
term 3 {
then reject;
}

[edit policy-options policy-statement from-T1]


lab@R2# up

[edit policy-options]
lab@R2# edit policy-statement to-T1

[edit policy-options policy-statement to-T1]


lab@R2# set term 1 from protocol aggregate

Lab 6–60 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
[edit policy-options policy-statement to-T1]
lab@R2# set term 1 from route-filter 172.27.0.0/16 exact

[edit policy-options policy-statement to-T1]


lab@R2# set term 1 then accept

[edit policy-options policy-statement to-T1]


lab@R2# set term 2 from protocol aggregate

[edit policy-options policy-statement to-T1]


lab@R2# set term 2 from rib inet6.0

[edit policy-options policy-statement to-T1]


lab@R2# set term 2 from route-filter 2008:4498::/32 exact

[edit policy-options policy-statement to-T1]


lab@R2# set term 2 then accept

[edit policy-options policy-statement to-T1]


lab@R2# set term 3 from rib inet6.0

[edit policy-options policy-statement to-T1]


lab@R2# set term 3 from route-filter 2008:4498::/32 longer

[edit policy-options policy-statement to-T1]


lab@R2# set term 3 then reject

[edit policy-options policy-statement to-T1]


lab@R2# set term 4 from protocol bgp

[edit policy-options policy-statement to-T1]


lab@R2# set term 4 from community P-routes

[edit policy-options policy-statement to-T1]


lab@R2# set term 4 then reject

[edit policy-options policy-statement to-T1]


lab@R2# show
term 1 {
from {
protocol aggregate;
route-filter 172.27.0.0/16 exact;
}
then accept;
}
term 2 {
from {
protocol aggregate;
rib inet6.0;
route-filter 2008:4498::/32 exact;
}
then accept;
}
term 3 {
from {

www.juniper.net BGP Implementation • Lab 6–61


JNCIE Service Provider Bootcamp
rib inet6.0;
route-filter 2008:4498::/32 longer;
}
then reject;
}
term 4 {
from {
protocol bgp;
community P-routes;
}
then reject;
}

[edit policy-options policy-statement to-T1]


lab@R2# up

[edit policy-options]
lab@R2# edit policy-statement from-T2

[edit policy-options policy-statement from-T2]


lab@R2# set term 1 from route-filter 0.0.0.0/0 prefix-length-range /8-/24

[edit policy-options policy-statement from-T2]


lab@R2# set term 1 to rib inet.0

[edit policy-options policy-statement from-T2]


lab@R2# set term 1 then local-preference 200

[edit policy-options policy-statement from-T2]


lab@R2# set term 1 then community add T2-routes

[edit policy-options policy-statement from-T2]


lab@R2# set term 1 then accept

[edit policy-options policy-statement from-T2]


lab@R2# set term 2 to rib inet6.0

[edit policy-options policy-statement from-T2]


lab@R2# set term 2 then accept

[edit policy-options policy-statement from-T2]


lab@R2# set term 3 then reject

[edit policy-options policy-statement from-T2]


lab@R2# show
term 1 {
from {
route-filter 0.0.0.0/0 prefix-length-range /8-/24;
}
to rib inet.0;
then {
local-preference 200;
community add T2-routes;
accept;
}

Lab 6–62 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
}
term 2 {
to rib inet6.0;
then accept;
}
term 3 {
then reject;
}

[edit policy-options policy-statement from-T2]


lab@R2# up

[edit policy-options]
lab@R2# edit policy-statement to-T2

[edit policy-options policy-statement to-T2]


lab@R2# set term 1 from protocol aggregate

[edit policy-options policy-statement to-T2]


lab@R2# set term 1 from route-filter 172.27.0.0/16 exact

[edit policy-options policy-statement to-T2]


lab@R2# set term 1 then as-path-prepend "3895077211 3895077211"

[edit policy-options policy-statement to-T2]


lab@R2# set term 1 then accept

[edit policy-options policy-statement to-T2]


lab@R2# set term 2 from protocol aggregate

[edit policy-options policy-statement to-T2]


lab@R2# set term 2 from rib inet6.0

[edit policy-options policy-statement to-T2]


lab@R2# set term 2 from route-filter 2008:4498::/32 exact

[edit policy-options policy-statement to-T2]


lab@R2# set term 2 then accept

[edit policy-options policy-statement to-T2]


lab@R2# set term 3 from rib inet6.0

[edit policy-options policy-statement to-T2]


lab@R2# set term 3 from route-filter 2008:4498::/32 longer

[edit policy-options policy-statement to-T2]


lab@R2# set term 3 then reject

[edit policy-options policy-statement to-T2]


lab@R2# set term 4 from protocol bgp

[edit policy-options policy-statement to-T2]


lab@R2# set term 4 from community P-routes

www.juniper.net BGP Implementation • Lab 6–63


JNCIE Service Provider Bootcamp
[edit policy-options policy-statement to-T2]
lab@R2# set term 4 then reject

[edit policy-options policy-statement to-T2]


lab@R2# set term 5 from protocol bgp

[edit policy-options policy-statement to-T2]


lab@R2# set term 5 then as-path-prepend "3895077211 3895077211"

[edit policy-options policy-statement to-T2]


lab@R2# set term 5 then accept

[edit policy-options policy-statement to-T2]


lab@R2# show
term 1 {
from {
protocol aggregate;
route-filter 172.27.0.0/16 exact;
}
then {
as-path-prepend "3895077211 3895077211";
accept;
}
}
term 2 {
from {
protocol aggregate;
rib inet6.0;
route-filter 2008:4498::/32 exact;
}
then accept;
}
term 3 {
from {
rib inet6.0;
route-filter 2008:4498::/32 longer;
}
then reject;
}
term 4 {
from {
protocol bgp;
community P-routes;
}
then reject;
}
term 5 {
from protocol bgp;
then {
as-path-prepend "3895077211 3895077211";
accept;
}
}

[edit policy-options policy-statement to-T2]

Lab 6–64 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
lab@R2# top

[edit]
lab@R2# set protocols bgp group T1-T2 neighbor 172.27.0.66 import from-T1

[edit]
lab@R2# set protocols bgp group T1-T2 neighbor 172.27.0.66 export to-T1

[edit]
lab@R2# set protocols bgp group T1-T2 neighbor 172.27.0.38 import from-T2

[edit]
lab@R2# set protocols bgp group T1-T2 neighbor 172.27.0.38 export to-T2

[edit]
lab@R2# commit and-quit

commit complete
Exiting configuration mode

lab@R2>

• R3:
lab@R3> configure
Entering configuration mode

[edit]
lab@R3# edit routing-options

[edit routing-options]
lab@R3# set aggregate route 172.27.0.0/16

[edit routing-options]
lab@R3# show
aggregate {
route 172.27.0.0/16;
}
router-id 172.27.255.3;
autonomous-system 3895077211;

[edit routing-options]
lab@R3# top edit policy-options

[edit policy-options]
lab@R3# set community C2-routes members 7211:65512

[edit policy-options]
lab@R3# set community P-routes members 7211:1111

[edit policy-options]
lab@R3# set community T1-routes members 7211:2222

[edit policy-options]
lab@R3# set community T2-routes members 7211:3333

www.juniper.net BGP Implementation • Lab 6–65


JNCIE Service Provider Bootcamp

[edit policy-options]
lab@R3# edit policy-statement from-P

[edit policy-options policy-statement from-P]


lab@R3# set term 1 from route-filter 0.0.0.0/0 prefix-length-range /8-/24

[edit policy-options policy-statement from-P]


lab@R3# set term 1 then local-preference 200

[edit policy-options policy-statement from-P]


lab@R3# set term 1 then community add P-routes

[edit policy-options policy-statement from-P]


lab@R3# set term 1 then accept

[edit policy-options policy-statement from-P]


lab@R3# set term 2 then reject

[edit policy-options policy-statement from-P]


lab@R3# show
term 1 {
from {
route-filter 0.0.0.0/0 prefix-length-range /8-/24;
}
then {
local-preference 200;
community add P-routes;
accept;
}
}
term 2 {
then reject;
}

[edit policy-options policy-statement from-P]


lab@R3# up

[edit policy-options]
lab@R3# edit policy-statement to-P

[edit policy-options policy-statement to-P]


lab@R3# set term 1 from protocol aggregate

[edit policy-options policy-statement to-P]


lab@R3# set term 1 from route-filter 172.27.0.0/16 exact

[edit policy-options policy-statement to-P]


lab@R3# set term 1 then accept

[edit policy-options policy-statement to-P]


lab@R3# set term 2 from protocol bgp

[edit policy-options policy-statement to-P]


lab@R3# set term 2 from community T1-routes

Lab 6–66 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp

[edit policy-options policy-statement to-P]


lab@R3# set term 2 from community T2-routes

[edit policy-options policy-statement to-P]


lab@R3# set term 2 then reject

[edit policy-options policy-statement to-P]


lab@R3# show
term 1 {
from {
protocol aggregate;
route-filter 172.27.0.0/16 exact;
}
then accept;
}
term 2 {
from {
protocol bgp;
community [ T1-routes T2-routes ];
}
then reject;
}

[edit policy-options policy-statement to-P]


lab@R3# top

[edit]
lab@R3# set protocols bgp group P import from-P

[edit]
lab@R3# set protocols bgp group P export to-P

[edit]
lab@R3# commit and-quit

commit complete
Exiting configuration mode

lab@R3>

• R5:
lab@R5> configure
Entering configuration mode

[edit]
lab@R5# edit routing-options

[edit routing-options]
lab@R5# set aggregate route 172.27.0.0/16

[edit routing-options]
lab@R5# show
static {

www.juniper.net BGP Implementation • Lab 6–67


JNCIE Service Provider Bootcamp
route 202.202.0.1/32 next-hop [ 172.27.0.50 172.27.0.74 ];
}
aggregate {
route 172.27.0.0/16;
}
router-id 172.27.255.5;
autonomous-system 3895077211;

[edit routing-options]
lab@R5# top edit policy-options

[edit policy-options]
lab@R5# set community C2-routes members 7211:65512

[edit policy-options]
lab@R5# set community P-routes members 7211:1111

[edit policy-options]
lab@R5# set community T1-routes members 7211:2222

[edit policy-options]
lab@R5# set community T2-routes members 7211:3333

[edit policy-options]
lab@R5# edit policy-statement from-C2

[edit policy-options policy-statement from-C2]


lab@R5# set term 1 then local-preference 300

[edit policy-options policy-statement from-C2]


lab@R5# set term 1 then community add C2-routes

[edit policy-options policy-statement from-C2]


lab@R5# set term 1 then accept

[edit policy-options policy-statement from-C2]


lab@R5# show
term 1 {
then {
local-preference 300;
community add C2-routes;
accept;
}
}

[edit policy-options policy-statement from-C2]


lab@R5# up

[edit policy-options]
lab@R5# edit policy-statement to-C2

[edit policy-options policy-statement to-C2]


lab@R5# set term 1 from protocol aggregate

[edit policy-options policy-statement to-C2]

Lab 6–68 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
lab@R5# set term 1 from route-filter 172.27.0.0/16 exact

[edit policy-options policy-statement to-C2]


lab@R5# set term 1 then accept

[edit policy-options policy-statement to-C2]


lab@R5# show
term 1 {
from {
protocol aggregate;
route-filter 172.27.0.0/16 exact;
}
then accept;
}

[edit policy-options policy-statement to-C2]


lab@R5# top

[edit]
lab@R5# set protocols bgp group C2 import from-C2

[edit]
lab@R5# set protocols bgp group C2 export to-C2

[edit]
lab@R5# commit and-quit

commit complete
Exiting configuration mode

lab@R5>

TASK VERIFICATION
Verify that all BGP policy tasks are correctly configured.
• R1:
lab@R1> show route advertising-protocol bgp 172.27.0.34 172.27.0.0/16

inet.0: 917 destinations, 2684 routes (911 active, 0 holddown, 6 hidden)


Prefix Nexthop MED Lclpref AS path
* 172.27.0.0/16 Self I

lab@R1> show route advertising-protocol bgp 172.27.0.34 2008:4498::/32

inet6.0: 43 destinations, 78 routes (43 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 2008:4498::/32 Self {65432} I

lab@R1> show route advertising-protocol bgp 172.27.0.34 community-name P-routes

inet.0: 917 destinations, 2684 routes (911 active, 0 holddown, 6 hidden)

inet6.0: 43 destinations, 78 routes (43 active, 0 holddown, 0 hidden)

www.juniper.net BGP Implementation • Lab 6–69


JNCIE Service Provider Bootcamp
lab@R1> show route advertising-protocol bgp 172.27.0.34 community-name C2-routes

inet.0: 917 destinations, 2684 routes (911 active, 0 holddown, 6 hidden)


Prefix Nexthop MED Lclpref AS path
* 202.202.0.0/24 Self 65512 65512 I
* 202.202.2.0/24 Self 65512 65512 I
* 202.202.3.0/24 Self 65512 65512 I
* 202.202.4.0/24 Self 65512 65512 I
* 202.202.5.0/24 Self 65512 65512 I
* 202.202.6.0/24 Self 65512 65512 I
* 202.202.7.0/24 Self 65512 65512 I

inet6.0: 43 destinations, 78 routes (43 active, 0 holddown, 0 hidden)

lab@R1> show route table inet.0 protocol bgp terse | match "(/2[5-9])|(/3[0-2])"

lab@R1> show route active-path 111.111.1/24 detail | match Communities


Communities: 7211:2222

lab@R1> show route advertising-protocol bgp 172.27.0.30 172.27.0.0/16

inet.0: 917 destinations, 2684 routes (911 active, 0 holddown, 6 hidden)


Prefix Nexthop MED Lclpref AS path
* 172.27.0.0/16 Self I

lab@R1> show route advertising-protocol bgp 172.27.0.30 community-name T1-routes

inet.0: 917 destinations, 2684 routes (911 active, 0 holddown, 6 hidden)

lab@R1> show route advertising-protocol bgp 172.27.0.30 community-name T2-routes

inet.0: 917 destinations, 2684 routes (911 active, 0 holddown, 6 hidden)

lab@R1> show route advertising-protocol bgp 172.27.0.30 community-name C2-routes

inet.0: 917 destinations, 2684 routes (911 active, 0 holddown, 6 hidden)


Prefix Nexthop MED Lclpref AS path
* 202.202.0.0/24 Self 65512 65512 I
* 202.202.2.0/24 Self 65512 65512 I
* 202.202.3.0/24 Self 65512 65512 I
* 202.202.4.0/24 Self 65512 65512 I
* 202.202.5.0/24 Self 65512 65512 I
* 202.202.6.0/24 Self 65512 65512 I
* 202.202.7.0/24 Self 65512 65512 I

lab@R1> show route active-path 150.150/24 detail | match Communities


Communities: 7211:1111

lab@R1> show route 111.111.1/24

inet.0: 917 destinations, 2684 routes (911 active, 0 holddown, 6 hidden)


+ = Active Route, - = Last Active, * = Both

Lab 6–70 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
111.111.1.0/24 *[BGP/170] 00:05:36, localpref 200, from 172.27.255.3
AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.2 via ge-0/0/3.0
[BGP/170] 00:05:36, localpref 200, from 172.27.255.4
AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.2 via ge-0/0/3.0
[BGP/170] 00:05:56, localpref 100
AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.34 via ge-0/0/2.0

lab@R1> show route 150.150/24

inet.0: 917 destinations, 2684 routes (911 active, 0 holddown, 6 hidden)


+ = Active Route, - = Last Active, * = Both

150.150.0.0/24 *[BGP/170] 00:05:48, localpref 200, from 172.27.255.3


AS path: 2087403078 I, validation-state: unverified
> to 172.27.0.13 via ge-0/0/6.0
[BGP/170] 00:05:48, localpref 200, from 172.27.255.4
AS path: 2087403078 I, validation-state: unverified
> to 172.27.0.13 via ge-0/0/6.0
[BGP/170] 00:06:04, localpref 100
AS path: 2087403078 I, validation-state: unverified
> to 172.27.0.30 via ge-0/0/1.0

lab@R1> show route 202.202/24

inet.0: 917 destinations, 2684 routes (911 active, 0 holddown, 6 hidden)


+ = Active Route, - = Last Active, * = Both

202.202.0.0/24 *[BGP/170] 00:05:55, localpref 300, from 172.27.255.3


AS path: 65512 65512 I, validation-state: unverified
> to 172.27.0.9 via ae0.0
[BGP/170] 00:05:55, localpref 300, from 172.27.255.4
AS path: 65512 65512 I, validation-state: unverified
> to 172.27.0.9 via ae0.0
[BGP/170] 00:06:11, localpref 100
AS path: 2087403078 65512 I, validation-state: unverified
> to 172.27.0.30 via ge-0/0/1.0

• R2:
lab@R2> show route advertising-protocol bgp 172.27.0.66 172.27.0.0/16

inet.0: 915 destinations, 1788 routes (910 active, 0 holddown, 10 hidden)


Prefix Nexthop MED Lclpref AS path
* 172.27.0.0/16 Self I

lab@R2> show route advertising-protocol bgp 172.27.0.66 2008:4498::/32

inet6.0: 45 destinations, 83 routes (45 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 2008:4498::/32 Self {65432} I

lab@R2> show route advertising-protocol bgp 172.27.0.66 community-name P-routes

www.juniper.net BGP Implementation • Lab 6–71


JNCIE Service Provider Bootcamp

inet.0: 915 destinations, 1788 routes (910 active, 0 holddown, 10 hidden)

inet6.0: 45 destinations, 83 routes (45 active, 0 holddown, 0 hidden)

lab@R2> show route advertising-protocol bgp 172.27.0.66 community-name C2-routes

inet.0: 915 destinations, 1788 routes (910 active, 0 holddown, 10 hidden)


Prefix Nexthop MED Lclpref AS path
* 202.202.0.0/24 Self 65512 65512 I
* 202.202.2.0/24 Self 65512 65512 I
* 202.202.3.0/24 Self 65512 65512 I
* 202.202.4.0/24 Self 65512 65512 I
* 202.202.5.0/24 Self 65512 65512 I
* 202.202.6.0/24 Self 65512 65512 I
* 202.202.7.0/24 Self 65512 65512 I

inet6.0: 45 destinations, 83 routes (45 active, 0 holddown, 0 hidden)

lab@R2> show route table inet.0 protocol bgp terse | match "(/2[5-9])|(/3[0-2])"

lab@R2> show route active-path 111.111.1/24 detail | match "Communities|Localpref"


Communities: 7211:2222
Localpref: 200

lab@R2> show route advertising-protocol bgp 172.27.0.38 172.27.0.0/16

inet.0: 915 destinations, 1788 routes (910 active, 0 holddown, 10 hidden)


Prefix Nexthop MED Lclpref AS path
* 172.27.0.0/16 Self 3895077211 3895077211
[3895077211] I

lab@R2> show route advertising-protocol bgp 172.27.0.38 2008:4498::/32

inet6.0: 45 destinations, 83 routes (45 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 2008:4498::/32 Self {65432} I

lab@R2> show route advertising-protocol bgp 172.27.0.38 community-name P-routes

inet.0: 915 destinations, 1788 routes (910 active, 0 holddown, 10 hidden)

inet6.0: 45 destinations, 83 routes (45 active, 0 holddown, 0 hidden)

lab@R2> show route advertising-protocol bgp 172.27.0.38 community-name C2-routes

inet.0: 915 destinations, 1788 routes (910 active, 0 holddown, 10 hidden)


Prefix Nexthop MED Lclpref AS path
* 202.202.0.0/24 Self 3895077211 3895077211
[3895077211] 65512 65512 I
* 202.202.2.0/24 Self 3895077211 3895077211
[3895077211] 65512 65512 I
* 202.202.3.0/24 Self 3895077211 3895077211
[3895077211] 65512 65512 I

Lab 6–72 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
* 202.202.4.0/24 Self 3895077211
3895077211 [3895077211] 65512 65512 I
* 202.202.5.0/24 Self 3895077211
3895077211 [3895077211] 65512 65512 I
* 202.202.6.0/24 Self 3895077211
3895077211 [3895077211] 65512 65512 I
* 202.202.7.0/24 Self 3895077211
3895077211 [3895077211] 65512 65512 I

inet6.0: 45 destinations, 83 routes (45 active, 0 holddown, 0 hidden)

lab@R2> show route 111.111.1/24

inet.0: 915 destinations, 1788 routes (910 active, 0 holddown, 10 hidden)


+ = Active Route, - = Last Active, * = Both

111.111.1.0/24 *[BGP/170] 05:04:22, localpref 200


AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.66 via ge-0/0/3.0

lab@R2> show route 150.150/24

inet.0: 915 destinations, 1788 routes (910 active, 0 holddown, 10 hidden)


+ = Active Route, - = Last Active, * = Both

150.150.0.0/24 *[BGP/170] 00:48:43, localpref 200, from 172.27.255.3


AS path: 2087403078 I, validation-state: unverified
> to 172.27.0.1 via ge-0/0/1.0
to 172.27.0.6 via ge-0/0/4.0
[BGP/170] 00:48:43, localpref 200, from 172.27.255.4
AS path: 2087403078 I, validation-state: unverified
> to 172.27.0.1 via ge-0/0/1.0
to 172.27.0.6 via ge-0/0/4.0

lab@R2> show route 202.202/24

inet.0: 915 destinations, 1788 routes (910 active, 0 holddown, 10 hidden)


+ = Active Route, - = Last Active, * = Both

202.202.0.0/24 *[BGP/170] 00:40:55, localpref 300, from 172.27.255.3


AS path: 65512 65512 I, validation-state: unverified
> to 172.27.0.6 via ge-0/0/4.0
[BGP/170] 00:40:55, localpref 300, from 172.27.255.4
AS path: 65512 65512 I, validation-state: unverified
> to 172.27.0.6 via ge-0/0/4.0

• R3:
lab@R3> show route advertising-protocol bgp 172.27.0.62 172.27.0.0/16

inet.0: 910 destinations, 917 routes (909 active, 0 holddown, 1 hidden)


Prefix Nexthop MED Lclpref AS path
* 172.27.0.0/16 Self I

lab@R3> show route advertising-protocol bgp 172.27.0.62 community-name T1-routes

www.juniper.net BGP Implementation • Lab 6–73


JNCIE Service Provider Bootcamp

inet.0: 910 destinations, 917 routes (909 active, 0 holddown, 1 hidden)

lab@R3> show route advertising-protocol bgp 172.27.0.62 community-name T2-routes

inet.0: 910 destinations, 917 routes (909 active, 0 holddown, 1 hidden)

lab@R3> show route advertising-protocol bgp 172.27.0.62 community-name C2-routes

inet.0: 910 destinations, 917 routes (909 active, 0 holddown, 1 hidden)


Prefix Nexthop MED Lclpref AS path
* 202.202.0.0/24 Self 65512 65512 I
* 202.202.2.0/24 Self 65512 65512 I
* 202.202.3.0/24 Self 65512 65512 I
* 202.202.4.0/24 Self 65512 65512 I
* 202.202.5.0/24 Self 65512 65512 I
* 202.202.6.0/24 Self 65512 65512 I
* 202.202.7.0/24 Self 65512 65512 I

lab@R3> show route table inet.0 protocol bgp terse | match "(/2[5-9])|(/3[0-2])"

lab@R3> show route active-path 150.150/24 detail |match "Communities|Localpref"


Communities: 7211:1111
Localpref: 200

lab@R3> show route 111.111.1/24

inet.0: 910 destinations, 917 routes (909 active, 0 holddown, 1 hidden)


+ = Active Route, - = Last Active, * = Both

111.111.1.0/24 *[BGP/170] 00:52:04, localpref 200, from 172.27.255.2


AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.14 via ge-0/0/1.0
to 172.27.0.18 via ge-0/0/2.0

lab@R3> show route 150.150/24

inet.0: 910 destinations, 917 routes (909 active, 0 holddown, 1 hidden)


+ = Active Route, - = Last Active, * = Both

150.150.0.0/24 *[BGP/170] 05:06:18, localpref 200


AS path: 2087403078 I, validation-state: unverified
> to 172.27.0.62 via ge-0/0/5.0

lab@R3> show route 202.202/24

inet.0: 910 destinations, 917 routes (909 active, 0 holddown, 1 hidden)


+ = Active Route, - = Last Active, * = Both

202.202.0.0/24 *[BGP/170] 00:42:21, localpref 300, from 172.27.255.5


AS path: 65512 65512 I, validation-state: unverified
> to 172.27.0.25 via ge-0/0/3.0
[BGP/170] 05:06:42, localpref 200
AS path: 2087403078 65512 I, validation-state: unverified
> to 172.27.0.62 via ge-0/0/5.0

Lab 6–74 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
• R4:
lab@R4> show route 111.111.1/24

inet.0: 907 destinations, 907 routes (907 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

111.111.1.0/24 *[BGP/170] 00:53:16, localpref 200, from 172.27.255.2


AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.5 via ge-0/0/1.0

lab@R4> show route 150.150/24

inet.0: 907 destinations, 907 routes (907 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

150.150.0.0/24 *[BGP/170] 00:51:10, localpref 200, from 172.27.255.3


AS path: 2087403078 I, validation-state: unverified
> to 172.27.0.17 via ge-0/0/5.0

lab@R4> show route 202.202/24

inet.0: 907 destinations, 907 routes (907 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

202.202.0.0/24 *[BGP/170] 00:43:16, localpref 300, from 172.27.255.5


AS path: 65512 65512 I, validation-state: unverified
> to 172.27.0.22 via ge-0/0/4.0

• R5:
lab@R5> show route advertising-protocol bgp 202.202.0.1 172.27.0.0/16

inet.0: 911 destinations, 1793 routes (911 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 172.27.0.0/16 Self I

lab@R5> show route advertising-protocol bgp 202.202.0.1 111.111.1/24

inet.0: 911 destinations, 1793 routes (911 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 111.111.1.0/24 Self 1342930876 I

lab@R5> show route advertising-protocol bgp 202.202.0.1 150.150/24

inet.0: 911 destinations, 1793 routes (911 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 150.150.0.0/24 Self 2087403078 I

lab@R5> show route active-path 202.202/24 detail | match "Communities|Localpref"


Communities: 7211:65512
Localpref: 300

www.juniper.net BGP Implementation • Lab 6–75


JNCIE Service Provider Bootcamp
lab@R5> show route 111.111.1/24

inet.0: 911 destinations, 1793 routes (911 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

111.111.1.0/24 *[BGP/170] 00:54:50, localpref 200, from 172.27.255.3


AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.21 via ge-0/0/2.0
[BGP/170] 00:54:50, localpref 200, from 172.27.255.4
AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.21 via ge-0/0/2.0

lab@R5> show route 150.150/24

inet.0: 911 destinations, 1793 routes (911 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

150.150.0.0/24 *[BGP/170] 00:52:44, localpref 200, from 172.27.255.3


AS path: 2087403078 I, validation-state: unverified
> to 172.27.0.26 via ge-0/0/1.0
[BGP/170] 00:52:44, localpref 200, from 172.27.255.4
AS path: 2087403078 I, validation-state: unverified
> to 172.27.0.26 via ge-0/0/1.0

lab@R5> show route 202.202/24

inet.0: 911 destinations, 1793 routes (911 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

202.202.0.0/24 *[BGP/170] 05:09:17, localpref 300, from 202.202.0.1


AS path: 65512 65512 I, validation-state: unverified
> to 172.27.0.50 via ge-0/0/4.0
to 172.27.0.74 via ge-0/0/5.0
202.202.0.1/32 *[Static/5] 06:36:00
to 172.27.0.50 via ge-0/0/4.0
> to 172.27.0.74 via ge-0/0/5.0

Lab 6–76 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp

Implementing IBGP with Confederations


In this lab part, you will redesign the IBGP topology using a confederation network.
TASK 20
Migrate the existing IBGP network to Confederation. Route
Reflection is not permitted. No router in your AS may have more than
two IBGP and CBGP neighbors altogether. The failure of a link or
router in the network must not result in any connectivity issues or
isolation of routers.
TASK INTERPRETATION
You must redesign the IBGP topology using a confederation network. The statement that the
failure of a link or router in the network must not result in any connectivity issues or isolation of
routers means that your network design must provide redundant paths in your AS.
TASK COMPLETION
• R1:
lab@R1> configure
Entering configuration mode

[edit]
lab@R1# delete routing-options autonomous-system

[edit]
lab@R1# edit routing-options

[edit routing-options]
lab@R1# set autonomous-system 65000

[edit routing-options]
lab@R1# set confederation 3895077211

[edit routing-options]
lab@R1# set confederation members 65000

[edit routing-options]
lab@R1# set confederation members 65001

[edit routing-options]
lab@R1# set confederation members 65002

[edit routing-options]
lab@R1# show
rib inet6.0 {
aggregate {
route 2008:4498::/32;
}
}
aggregate {
route 172.27.0.0/16;
}

www.juniper.net BGP Implementation • Lab 6–77


JNCIE Service Provider Bootcamp
router-id 172.27.255.1;
autonomous-system 65000;
confederation 3895077211 members [ 65000 65001 65002 ];

[edit routing-options]
lab@R1# top

[edit]
lab@R1# delete protocols bgp group cluster-1

[edit]
lab@R1# edit protocols bgp group IBGP

[edit protocols bgp group IBGP]


lab@R1# set type internal

[edit protocols bgp group IBGP]


lab@R1# set local-address 172.27.255.1

[edit protocols bgp group IBGP]


lab@R1# set family inet unicast

[edit protocols bgp group IBGP]


lab@R1# set family inet6 labeled-unicast explicit-null

[edit protocols bgp group IBGP]


lab@R1# set authentication-key juniper

[edit protocols bgp group IBGP]


lab@R1# set export nhs

[edit protocols bgp group IBGP]


lab@R1# set neighbor 172.27.255.3

[edit protocols bgp group IBGP]


lab@R1# show
type internal;
local-address 172.27.255.1;
family inet {
unicast;
}
family inet6 {
labeled-unicast {
explicit-null;
}
}
authentication-key "$9$pLjwOIcKMXbs4yls4aZkquO1"; ## SECRET-DATA
export nhs;
neighbor 172.27.255.3;

[edit protocols bgp group IBGP]


lab@R1# up

[edit protocols bgp]


lab@R1# edit group CBGP

Lab 6–78 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp

[edit protocols bgp group CBGP]


lab@R1# set type external

[edit protocols bgp group CBGP]


lab@R1# set multihop

[edit protocols bgp group CBGP]


lab@R1# set local-address 172.27.255.1

[edit protocols bgp group CBGP]


lab@R1# set family inet unicast

[edit protocols bgp group CBGP]


lab@R1# set family inet6 labeled-unicast explicit-null

[edit protocols bgp group CBGP]


lab@R1# set authentication-key juniper

[edit protocols bgp group CBGP]


lab@R1# set export nhs

[edit protocols bgp group CBGP]


lab@R1# set peer-as 65001

[edit protocols bgp group CBGP]


lab@R1# set neighbor 172.27.255.2

[edit protocols bgp group CBGP]


lab@R1# show
type external;
multihop;
local-address 172.27.255.1;
family inet {
unicast;
}
family inet6 {
labeled-unicast {
explicit-null;
}
}
authentication-key "$9$R9CcrvxNboJDWLJDikTQEcy"; ## SECRET-DATA
export nhs;
peer-as 65001;
neighbor 172.27.255.2;

[edit protocols bgp group CBGP]


lab@R1# commit and-quit

commit complete
Exiting configuration mode

lab@R1>

www.juniper.net BGP Implementation • Lab 6–79


JNCIE Service Provider Bootcamp
• R2:
lab@R2> configure
Entering configuration mode

[edit]
lab@R2# delete routing-options autonomous-system

[edit]
lab@R2# edit routing-options

[edit routing-options]
lab@R2# set autonomous-system 65001

[edit routing-options]
lab@R2# set confederation 3895077211

[edit routing-options]
lab@R2# set confederation members 65000

[edit routing-options]
lab@R2# set confederation members 65001

[edit routing-options]
lab@R2# set confederation members 65002

[edit routing-options]
lab@R2# show
rib inet6.0 {
aggregate {
route 2008:4498::/32;
}
}
aggregate {
route 172.27.0.0/16;
}
router-id 172.27.255.2;
autonomous-system 65001;
confederation 3895077211 members [ 65000 65001 65002 ];

[edit routing-options]
lab@R2# top

[edit]
lab@R2# delete protocols bgp group cluster-1

[edit]
lab@R2# edit protocols bgp group IBGP

[edit protocols bgp group IBGP]


lab@R2# set type internal

[edit protocols bgp group IBGP]


lab@R2# set local-address 172.27.255.2

Lab 6–80 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
[edit protocols bgp group IBGP]
lab@R2# set family inet unicast

[edit protocols bgp group IBGP]


lab@R2# set family inet6 labeled-unicast explicit-null

[edit protocols bgp group IBGP]


lab@R2# set authentication-key juniper

[edit protocols bgp group IBGP]


lab@R2# set export nhs

[edit protocols bgp group IBGP]


lab@R2# set neighbor 172.27.255.4

[edit protocols bgp group IBGP]


lab@R2# show
type internal;
local-address 172.27.255.2;
family inet {
unicast;
}
family inet6 {
labeled-unicast {
explicit-null;
}
}
authentication-key "$9$TF6ABIcvWxp0WxNdg4QFn"; ## SECRET-DATA
export nhs;
neighbor 172.27.255.4;

[edit protocols bgp group IBGP]


lab@R2# up

[edit protocols bgp]


lab@R2# edit group CBGP

[edit protocols bgp group CBGP]


lab@R2# set type external

[edit protocols bgp group CBGP]


lab@R2# set multihop

[edit protocols bgp group CBGP]


lab@R2# set local-address 172.27.255.2

[edit protocols bgp group CBGP]


lab@R2# set family inet unicast

[edit protocols bgp group CBGP]


lab@R2# set family inet6 labeled-unicast explicit-null

[edit protocols bgp group CBGP]


lab@R2# set authentication-key juniper

www.juniper.net BGP Implementation • Lab 6–81


JNCIE Service Provider Bootcamp
[edit protocols bgp group CBGP]
lab@R2# set export nhs

[edit protocols bgp group CBGP]


lab@R2# set peer-as 65000

[edit protocols bgp group CBGP]


lab@R2# set neighbor 172.27.255.1

[edit protocols bgp group CBGP]


lab@R2# show
type external;
multihop;
local-address 172.27.255.2;
family inet {
unicast;
}
family inet6 {
labeled-unicast {
explicit-null;
}
}
authentication-key "$9$PTF/uORlK8CtK8X7sYfTz"; ## SECRET-DATA
export nhs;
peer-as 65000;
neighbor 172.27.255.1;

[edit protocols bgp group CBGP]


lab@R2# commit and-quit

commit complete
Exiting configuration mode

lab@R2>

• R3:
lab@R3> configure
Entering configuration mode

[edit]
lab@R3# delete routing-options autonomous-system

[edit]
lab@R3# edit routing-options

[edit routing-options]
lab@R3# set autonomous-system 65000

[edit routing-options]
lab@R3# set confederation 3895077211

[edit routing-options]
lab@R3# set confederation members 65000

Lab 6–82 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
[edit routing-options]
lab@R3# set confederation members 65001

[edit routing-options]
lab@R3# set confederation members 65002

[edit routing-options]
lab@R3# show
aggregate {
route 172.27.0.0/16;
}
router-id 172.27.255.3;
autonomous-system 65000;
confederation 3895077211 members [ 65000 65001 65002 ];

[edit routing-options]
lab@R3# top

[edit]
lab@R3# delete protocols bgp group cluster-1

[edit]
lab@R3# delete protocols bgp group internal

[edit]
lab@R3# edit protocols bgp group IBGP

[edit protocols bgp group IBGP]


lab@R3# set type internal

[edit protocols bgp group IBGP]


lab@R3# set local-address 172.27.255.3

[edit protocols bgp group IBGP]


lab@R3# set family inet unicast

[edit protocols bgp group IBGP]


lab@R3# set family inet6 labeled-unicast explicit-null

[edit protocols bgp group IBGP]


lab@R3# set authentication-key juniper

[edit protocols bgp group IBGP]


lab@R3# set export nhs

[edit protocols bgp group IBGP]


lab@R3# set export IPv6-direct

[edit protocols bgp group IBGP]


lab@R3# set neighbor 172.27.255.1

[edit protocols bgp group IBGP]


lab@R3# show
type internal;
local-address 172.27.255.3;

www.juniper.net BGP Implementation • Lab 6–83


JNCIE Service Provider Bootcamp
family inet {
unicast;
}
family inet6 {
labeled-unicast {
explicit-null;
}
}
authentication-key "$9$iqPQ/CuEclFnclKMN-Hqm"; ## SECRET-DATA
export [ nhs IPv6-direct ];
neighbor 172.27.255.1;

[edit protocols bgp group IBGP]


lab@R3# up

[edit protocols bgp]


lab@R3# edit group CBGP

[edit protocols bgp group CBGP]


lab@R3# set type external

[edit protocols bgp group CBGP]


lab@R3# set multihop

[edit protocols bgp group CBGP]


lab@R3# set local-address 172.27.255.3

[edit protocols bgp group CBGP]


lab@R3# set family inet unicast

[edit protocols bgp group CBGP]


lab@R3# set family inet6 labeled-unicast explicit-null

[edit protocols bgp group CBGP]


lab@R3# set authentication-key juniper

[edit protocols bgp group CBGP]


lab@R3# set export nhs

[edit protocols bgp group CBGP]


lab@R3# set export IPv6-direct

[edit protocols bgp group CBGP]


lab@R3# set peer-as 65002

[edit protocols bgp group CBGP]


lab@R3# set neighbor 172.27.255.5

[edit protocols bgp group CBGP]


lab@R3# show
type external;
multihop;
local-address 172.27.255.3;
family inet {
unicast;

Lab 6–84 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
}
family inet6 {
labeled-unicast {
explicit-null;
}
}
authentication-key "$9$eeNMLNs2aikPdbkP5Q9CKM8"; ## SECRET-DATA
export [ nhs IPv6-direct ];
peer-as 65002;
neighbor 172.27.255.5;

[edit protocols bgp group CBGP]


lab@R3# commit and-quit

commit complete
Exiting configuration mode

lab@R3>

• R4:
lab@R4> configure
Entering configuration mode

[edit]
lab@R4# delete routing-options autonomous-system

[edit]
lab@R4# edit routing-options

[edit routing-options]
lab@R4# set autonomous-system 65001

[edit routing-options]
lab@R4# set confederation 3895077211

[edit routing-options]
lab@R4# set confederation members 65000

[edit routing-options]
lab@R4# set confederation members 65001

ederation member[edit routing-options]


lab@R4# set confederation members 65002

[edit routing-options]
lab@R4# show
router-id 172.27.255.4;
autonomous-system 65001;
confederation 3895077211 members [ 65000 65001 65002 ];

[edit routing-options]
lab@R4# top

www.juniper.net BGP Implementation • Lab 6–85


JNCIE Service Provider Bootcamp
[edit]
lab@R4# delete protocols bgp group cluster-1

[edit]
lab@R4# delete protocols bgp group internal

[edit]
lab@R4# edit protocols bgp group IBGP

[edit protocols bgp group IBGP]


lab@R4# set type internal

[edit protocols bgp group IBGP]


lab@R4# set local-address 172.27.255.4

[edit protocols bgp group IBGP]


lab@R4# set family inet unicast

[edit protocols bgp group IBGP]


lab@R4# set family inet6 labeled-unicast explicit-null

[edit protocols bgp group IBGP]


lab@R4# set authentication-key juniper

[edit protocols bgp group IBGP]


lab@R4# set export IPv6-direct

[edit protocols bgp group IBGP]


lab@R4# set neighbor 172.27.255.2

[edit protocols bgp group IBGP]


lab@R4# show
type internal;
local-address 172.27.255.4;
family inet {
unicast;
}
family inet6 {
labeled-unicast {
explicit-null;
}
}
authentication-key "$9$u4C5BRSvWxwYoreYoJGq.0BI"; ## SECRET-DATA
export IPv6-direct;
neighbor 172.27.255.2;

[edit protocols bgp group IBGP]


lab@R4# up

[edit protocols bgp]


lab@R4# edit group CBGP

[edit protocols bgp group CBGP]


lab@R4# set type external

Lab 6–86 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
[edit protocols bgp group CBGP]
lab@R4# set multihop

[edit protocols bgp group CBGP]


lab@R4# set local-address 172.27.255.4

[edit protocols bgp group CBGP]


lab@R4# set family inet unicast

[edit protocols bgp group CBGP]


lab@R4# set family inet6 labeled-unicast explicit-null

[edit protocols bgp group CBGP]


lab@R4# set authentication-key juniper

[edit protocols bgp group CBGP]


lab@R4# set export IPv6-direct

[edit protocols bgp group CBGP]


lab@R4# set peer-as 65002

[edit protocols bgp group CBGP]


lab@R4# set neighbor 172.27.255.5

[edit protocols bgp group CBGP]


lab@R4# show
type external;
multihop;
local-address 172.27.255.4;
family inet {
unicast;
}
family inet6 {
labeled-unicast {
explicit-null;
}
}
authentication-key "$9$fQ390BEevLApvLxNY25QF"; ## SECRET-DATA
export IPv6-direct;
peer-as 65002;
neighbor 172.27.255.5;

[edit protocols bgp group CBGP]


lab@R4# commit and-quit

commit complete
Exiting configuration mode

lab@R4>

• R5:
lab@R5> configure
Entering configuration mode

www.juniper.net BGP Implementation • Lab 6–87


JNCIE Service Provider Bootcamp
[edit]
lab@R5# delete routing-options autonomous-system

[edit]
lab@R5# edit routing-options

[edit routing-options]
lab@R5# set autonomous-system 65002

[edit routing-options]
lab@R5# set confederation 3895077211

[edit routing-options]
lab@R5# set confederation members 65000

[edit routing-options]
lab@R5# set confederation members 65001

[edit routing-options]
lab@R5# set confederation members 65002

[edit routing-options]
lab@R5# show
static {
route 202.202.0.1/32 next-hop [ 172.27.0.50 172.27.0.74 ];
}
aggregate {
route 172.27.0.0/16;
}
router-id 172.27.255.5;
autonomous-system 65002;
confederation 3895077211 members [ 65000 65001 65002 ];

[edit routing-options]
lab@R5# top

[edit]
lab@R5# set interfaces ge-0/0/1 unit 0 family inet6

[edit]
lab@R5# set interfaces ge-0/0/2 unit 0 family inet6

[edit]
lab@R5# set protocols mpls ipv6-tunneling

[edit]
lab@R5# delete protocols bgp group cluster-1

[edit]
lab@R5# edit protocols bgp group CBGP

[edit protocols bgp group CBGP]


lab@R5# set type external

[edit protocols bgp group CBGP]

Lab 6–88 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
lab@R5# set multihop

[edit protocols bgp group CBGP]


lab@R5# set local-address 172.27.255.5

[edit protocols bgp group CBGP]


lab@R5# set family inet unicast

[edit protocols bgp group CBGP]


lab@R5# set family inet6 labeled-unicast explicit-null

[edit protocols bgp group CBGP]


lab@R5# set authentication-key juniper

[edit protocols bgp group CBGP]


lab@R5# set export nhs

[edit protocols bgp group CBGP]


lab@R5# set neighbor 172.27.255.3 peer-as 65000

[edit protocols bgp group CBGP]


lab@R5# set neighbor 172.27.255.4 peer-as 65001

[edit protocols bgp group CBGP]


lab@R5# show
type external;
multihop;
local-address 172.27.255.5;
family inet {
unicast;
}
family inet6 {
labeled-unicast {
explicit-null;
}
}
authentication-key "$9$PTF/uORlK8CtK8X7sYfTz"; ## SECRET-DATA
export nhs;
neighbor 172.27.255.3 {
peer-as 65000;
}
neighbor 172.27.255.4 {
peer-as 65001;
}

[edit protocols bgp group CBGP]


lab@R5# commit and-quit

commit complete
Exiting configuration mode

lab@R5>

www.juniper.net BGP Implementation • Lab 6–89


JNCIE Service Provider Bootcamp
TASK VERIFICATION
Verify that IBGP sessions are established successfully and the external routes are active and
reachable on all routers in your AS.
• R1:
lab@R1> show bgp summary
Groups: 4 Peers: 4 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 1773 889 0 0 0 0
inet6.0 36 35 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.0.30 2087403078 195 201 0 0 1:28:45 0/24/
23/0 0/0/0/0
172.27.0.34 1342930876 607 203 0 0 1:28:49 Establ
inet.0: 0/860/855/0
inet6.0: 1/1/1/0
172.27.255.2 65001 633 1001 0 0 1:11:03 Establ
inet.0: 866/866/866/0
inet6.0: 17/18/18/0
172.27.255.3 65000 120 581 0 0 50:48 Establ
inet.0: 23/23/23/0
inet6.0: 17/17/17/0

lab@R1> show route 111.111.1/24

inet.0: 917 destinations, 1795 routes (911 active, 0 holddown, 6 hidden)


+ = Active Route, - = Last Active, * = Both

111.111.1.0/24 *[BGP/170] 01:11:11, localpref 200, from 172.27.255.2


AS path: (65001) 1342930876 I
> to 172.27.0.2 via ge-0/0/3.0
[BGP/170] 01:28:57, localpref 100
AS path: 1342930876 I
> to 172.27.0.34 via ge-0/0/2.0

lab@R1> show route 150.150/24

inet.0: 917 destinations, 1795 routes (911 active, 0 holddown, 6 hidden)


+ = Active Route, - = Last Active, * = Both

150.150.0.0/24 *[BGP/170] 00:51:04, localpref 200, from 172.27.255.3


AS path: 2087403078 I
> to 172.27.0.13 via ge-0/0/6.0
[BGP/170] 01:29:01, localpref 100
AS path: 2087403078 I
> to 172.27.0.30 via ge-0/0/1.0

lab@R1> show route 202.202/24

inet.0: 917 destinations, 1795 routes (911 active, 0 holddown, 6 hidden)


+ = Active Route, - = Last Active, * = Both

Lab 6–90 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
202.202.0.0/24 *[BGP/170] 00:09:23, localpref 300, from 172.27.255.3
AS path: (65002) 65512 65512 I
> to 172.27.0.9 via ae0.0
[BGP/170] 01:29:09, localpref 100
AS path: 2087403078 65512 I
> to 172.27.0.30 via ge-0/0/1.0

lab@R1> show route resolution unresolved


Tree Index 1
Tree Index 2
Tree Index 3
Tree Index 4
Tree Index 5

• R2:
lab@R2> show bgp summary
Groups: 4 Peers: 4 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 1744 1734 0 0 0 0
inet6.0 38 36 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.0.38 1342930876 650 171 0 0 1:15:34 Establ
inet.0: 856/861/856/0
inet6.0: 1/1/1/0
172.27.0.66 1342930876 578 172 0 0 1:15:38 Establ
inet.0: 855/860/855/0
inet6.0: 1/1/1/0
172.27.255.1 65000 1012 643 0 0 1:15:33 Establ
inet.0: 23/23/23/0
inet6.0: 17/18/18/0
172.27.255.4 65001 80 551 0 0 33:14 Establ
inet.0: 0/0/0/0
inet6.0: 17/18/18/0

lab@R2> show route 111.111.1/24

inet.0: 915 destinations, 1765 routes (910 active, 0 holddown, 10 hidden)


+ = Active Route, - = Last Active, * = Both

111.111.1.0/24 *[BGP/170] 01:15:45, localpref 200


AS path: 1342930876 I
> to 172.27.0.66 via ge-0/0/3.0

lab@R2> show route 150.150/24

inet.0: 915 destinations, 1765 routes (910 active, 0 holddown, 10 hidden)


+ = Active Route, - = Last Active, * = Both

150.150.0.0/24 *[BGP/170] 00:55:32, localpref 200, from 172.27.255.1


AS path: (65000) 2087403078 I
> to 172.27.0.6 via ge-0/0/4.0
to 172.27.0.1 via ge-0/0/1.0

www.juniper.net BGP Implementation • Lab 6–91


JNCIE Service Provider Bootcamp
lab@R2> show route 202.202/24

inet.0: 915 destinations, 1765 routes (910 active, 0 holddown, 10 hidden)


+ = Active Route, - = Last Active, * = Both

202.202.0.0/24 *[BGP/170] 00:13:48, localpref 300, from 172.27.255.1


AS path: (65000 65002) 65512 65512 I
> to 172.27.0.6 via ge-0/0/4.0

lab@R2> show route resolution unresolved


Tree Index 1
Tree Index 2
Tree Index 3
Tree Index 4
Tree Index 5

• R3:
lab@R3> show bgp summary
Groups: 4 Peers: 4 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 897 889 0 0 0 0
inet6.0 34 34 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.0.62 2087403078 158 161 0 0 1:11:18 16/
24/23/0 0/0/0/0
172.27.255.1 65000 626 163 0 0 1:11:10 Establ
inet.0: 866/866/866/0
inet6.0: 18/18/18/0
172.27.255.5 65002 542 575 0 0 29:20 Establ
inet.0: 7/7/7/0
inet6.0: 0/0/0/0
2008:4498::2 65432 158 162 0 0 1:11:14 Establ
inet6.0: 16/16/16/0

lab@R3> show route 111.111.1/24

inet.0: 910 destinations, 917 routes (909 active, 0 holddown, 1 hidden)


+ = Active Route, - = Last Active, * = Both

111.111.1.0/24 *[BGP/170] 01:11:19, localpref 200, from 172.27.255.1


AS path: (65001) 1342930876 I
> to 172.27.0.14 via ge-0/0/1.0
to 172.27.0.18 via ge-0/0/2.0

lab@R3> show route 150.150/24

inet.0: 910 destinations, 917 routes (909 active, 0 holddown, 1 hidden)


+ = Active Route, - = Last Active, * = Both

150.150.0.0/24 *[BGP/170] 01:11:32, localpref 200


AS path: 2087403078 I
> to 172.27.0.62 via ge-0/0/5.0

Lab 6–92 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp
lab@R3> show route 202.202/24

inet.0: 910 destinations, 917 routes (909 active, 0 holddown, 1 hidden)


+ = Active Route, - = Last Active, * = Both

202.202.0.0/24 *[BGP/170] 00:29:41, localpref 300, from 172.27.255.5


AS path: (65002) 65512 65512 I
> to 172.27.0.25 via ge-0/0/3.0
[BGP/170] 01:11:39, localpref 200
AS path: 2087403078 65512 I
> to 172.27.0.62 via ge-0/0/5.0

lab@R3> show route resolution unresolved


Tree Index 1
Tree Index 2
Tree Index 3
Tree Index 4
Tree Index 5

lab@R3> show route ::/0 exact

inet6.0: 41 destinations, 44 routes (41 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

::/0 *[BGP/170] 01:11:40, localpref 100, from 172.27.255.1


AS path: 1342930876 I
> to 172.27.0.14 via ge-0/0/1.0, Push 2

lab@R3> show route 2008:4498:0:1::/64

inet6.0: 41 destinations, 44 routes (41 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

2008:4498:0:1::/64 *[BGP/170] 00:49:42, localpref 100, from 172.27.255.1


AS path: (65001) I
> to 172.27.0.18 via ge-0/0/2.0, Push 2

lab@R3> show route 2008:4498:2::/64

inet6.0: 41 destinations, 44 routes (41 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

2008:4498:2::/64 *[BGP/170] 00:49:47, localpref 100, from 172.27.255.1


AS path: (65001) 65432 I
> to 172.27.0.18 via ge-0/0/2.0, Push 2

• R4:
lab@R4> show bgp summary
Groups: 3 Peers: 3 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 912 889 0 0 0 0
inet6.0 52 34 0 0 0 0

www.juniper.net BGP Implementation • Lab 6–93


JNCIE Service Provider Bootcamp
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.255.2 65001 593 121 0 0 52:18 Establ
inet.0: 889/889/889/0
inet6.0: 17/18/18/0
172.27.255.5 65002 489 568 0 0 32:25 Establ
inet.0: 0/23/23/0
inet6.0: 1/18/18/0
2008:4498:0:1::2 65432 117 123 0 0 52:22 Establ
inet6.0: 16/16/16/0

lab@R4> show route 111.111.1/24

inet.0: 907 destinations, 930 routes (907 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

111.111.1.0/24 *[BGP/170] 00:52:24, localpref 200, from 172.27.255.2


AS path: 1342930876 I
> to 172.27.0.5 via ge-0/0/1.0

lab@R4> show route 150.150/24

inet.0: 907 destinations, 930 routes (907 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

150.150.0.0/24 *[BGP/170] 00:52:30, localpref 200, from 172.27.255.2


AS path: (65000) 2087403078 I
> to 172.27.0.17 via ge-0/0/5.0
[BGP/170] 00:32:37, localpref 200, from 172.27.255.5
AS path: (65002 65000) 2087403078 I
> to 172.27.0.17 via ge-0/0/5.0

lab@R4> show route 202.202/24

inet.0: 907 destinations, 930 routes (907 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

202.202.0.0/24 *[BGP/170] 00:32:49, localpref 300, from 172.27.255.2


AS path: (65000 65002) 65512 65512 I
> to 172.27.0.22 via ge-0/0/4.0
[BGP/170] 00:32:41, localpref 300, from 172.27.255.5
AS path: (65002) 65512 65512 I
> to 172.27.0.22 via ge-0/0/4.0

lab@R4> show route resolution unresolved


Tree Index 1
Tree Index 2
Tree Index 3
Tree Index 4
Tree Index 5

lab@R4> show route ::/0 exact

inet6.0: 42 destinations, 64 routes (42 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

Lab 6–94 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp

::/0 *[BGP/170] 00:32:51, localpref 100, from 172.27.255.5


AS path: (65002 65000) 1342930876 I
> to 172.27.0.10 via ae0.0, Push 2
[BGP/170] 00:52:44, localpref 100, from 172.27.255.2
AS path: 1342930876 I
> to 172.27.0.5 via ge-0/0/1.0, Push 2

lab@R4> show route 2008:4498:0:1::/64

inet6.0: 42 destinations, 64 routes (42 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

2008:4498:0:1::/64 *[Direct/0] 1d 01:21:23


> via ge-0/0/2.0
2008:4498:0:1::1/128
*[Local/0] 1d 01:21:24
Local via ge-0/0/2.0

lab@R4> show route 2008:4498:2::/64

inet6.0: 42 destinations, 64 routes (42 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

2008:4498:2::/64 *[BGP/170] 00:52:57, localpref 100


AS path: 65432 I
> to 2008:4498:0:1::2 via ge-0/0/2.0

• R5
lab@R5> show bgp summary
Groups: 2 Peers: 3 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 1771 889 0 0 0 0
inet6.0 69 35 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.255.3 65000 701 708 0 0 1:44:42 Establ
inet.0: 882/882/882/0
inet6.0: 35/35/35/0
172.27.255.4 65001 707 648 0 0 1:44:33 Establ
inet.0: 0/882/882/0
inet6.0: 0/34/34/0
202.202.0.1 65512 699 699 0 0 1:44:51 7/7/
7/0 0/0/0/0

lab@R5> show route 111.111.1/24

inet.0: 911 destinations, 1793 routes (911 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

111.111.1.0/24 *[BGP/170] 01:44:50, localpref 200, from 172.27.255.3


AS path: (65000 65001) 1342930876 I
> to 172.27.0.21 via ge-0/0/2.0
[BGP/170] 01:44:41, localpref 200, from 172.27.255.4

www.juniper.net BGP Implementation • Lab 6–95


JNCIE Service Provider Bootcamp
AS path: (65001) 1342930876 I
> to 172.27.0.21 via ge-0/0/2.0

lab@R5> show route 150.150/24

inet.0: 911 destinations, 1793 routes (911 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

150.150.0.0/24 *[BGP/170] 01:44:54, localpref 200, from 172.27.255.3


AS path: (65000) 2087403078 I
> to 172.27.0.26 via ge-0/0/1.0
[BGP/170] 01:44:46, localpref 200, from 172.27.255.4
AS path: (65001 65000) 2087403078 I
> to 172.27.0.26 via ge-0/0/1.0

lab@R5> show route 202.202/24

inet.0: 911 destinations, 1793 routes (911 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

202.202.0.0/24 *[BGP/170] 01:45:10, localpref 300, from 202.202.0.1


AS path: 65512 65512 I
> to 172.27.0.50 via ge-0/0/4.0
to 172.27.0.74 via ge-0/0/5.0
202.202.0.1/32 *[Static/5] 23:23:50
> to 172.27.0.50 via ge-0/0/4.0
to 172.27.0.74 via ge-0/0/5.0

lab@R5> show route resolution unresolved


Tree Index 1
Tree Index 2
Tree Index 3
Tree Index 4
Tree Index 5

STOP Tell your instructor that you have completed this lab.

Lab 6–96 • BGP Implementation www.juniper.net


JNCIE Service Provider Bootcamp

www.juniper.net BGP Implementation • Lab 6–97


JNCIE Service Provider Bootcamp

Lab 6–98 • BGP Implementation www.juniper.net


Lab
BGP Troubleshooting

Overview
In this lab, you will have to troubleshoot a BGP network including IBGP, EBGP, and routing
policies according to the provided task list. You will have 1.5 hours to complete the lab.
The initial lab setup is shown below:
• OSPF is the core IGP protocol. The OSPF domain is divided into two areas. R1 and R2
routers are located in Area 0, R5 router is in Area 1. R3 and R4 routers are ABRs with
links in both Area 0 and Area 1.
• LDP is configured as the core MPLS protocol on all routers in your AS.
• Your IBGP network is configured using route reflection design with one route
reflection cluster and two route reflectors: R3 and R4. All IBGP sessions use the lo0.0
interface IP address.
• All IBGP sessions in your autonomous system are authenticated using MD5
authentication using the key juniper.
• BGP next-hop-self policy is used to resolve the BGP next hop for IPv4 prefixes on all
routers in your AS except for R4.
• EBGP over IPv4 sessions are configured to C2 Customer, Peer (P), and Transit (T)
neighbors. EBGP session to C2 is configured to load balance over the two links that
connect R5 and C2 using only one BGP session.
• EBGP over IPv6 sessions are configured to C1 and C3 routers. The communication
among C1, C3, and the Transit routers T1 and T2 is provided using 6PE technology.
• The R3 and R4 are configured with prefix limit with maximum 12 prefixes allowed
from customer routers C1 and C3. If this limit is exceeded, the routers should
generate the syslog message but the sessions should remain active.
• All routers in your AS are configured to log BGP sessions state changes to syslog.
• Policies are implemented at R1, R2, R3, and R5 routers that should advertise a
summary route representing local AS IPv4 range to the Peer (P), Transit provider (T1
and T2), and the C2 Customer.
• Policies are implemented at R1 and R2 routers that should advertise only a summary
route representing local AS IPv6 range to the Transit provider and block all other IPv6
routes.

www.juniper.net BGP Troubleshooting • Lab 7–1


JNCIE Service Provider Bootcamp
• Policies are implemented at R1, R2, and R3 routers that should not accept IPv4
routes with a mask shorter than /8 or longer than /24 from the Peer (P) and Transit
provider.
• A policy is implemented at R5 that should prefer routes received from C2 Customer
directly to the same prefix learned from either a Peer (P) or a Transit provider.
By completing this lab, you will perform the following tasks:
• Using CLI operational mode commands, troubleshoot the IBGP and EBGP sessions
and discover the source of problems.
• Using CLI operational and configuration mode, ensure that all IBGP and EBGP
sessions are up, running, and support appropriate address families. You are not
allowed to change OSPF area design.
• All Peer (P), Transit provider (T1, T2), and C2 IPv4 prefixes, except of the prefixes with
mask shorter than /8 or longer than /24, must be active and reachable on all routers
in your AS.
• All Customer C1 and C3 IPv6 prefixes as well as IPv6 default routes advertised by the
Transit provider must be active and reachable on R1, R2, R3, and R4 routers.
• Troubleshoot the implemented policies and ensure that they operate as expected.
• Ensure that no suboptimal paths are taken for all routes.

Lab 7–2 • BGP Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp

Troubleshooting and Repairing BGP Sessions


In this lab part, you will troubleshoot and repair the BGP sessions using CLI operational mode
commands and then using CLI configuration mode to adjust the BGP settings to ensure that all
BGP sessions are operational and can convey routing for the required address families.
Note
We recommend that you to carefully
examine the initial setup checklist before
you start troubleshooting.

Your Autonomous system number is 3895077211


R1 EBGP peers data:
P - 172.27.0.30, AS 2087403078
T1 - 172.27.0.34, AS 1342930876
R2 EBGP peers data:
T1 - 172.27.0.66, AS AS 1342930876
T2 - 172.27.0.38, AS AS 1342930876
R3 EBGP peers data:
P - 172.27.0.62, AS 2087403078
C1 - 2008:4498::2, AS 65432
R4 EBGP peers data:
C3 - 2008:4498:0:1::2, AS 65432
R5 EBGP peers data:
C2 - 202.202.0.1, AS 65512
TASK 1
Access the CLI for your routers using either the console, Telnet, or SSH as directed by your
instructor. Refer to the management network diagram for the IP address associated with your
devices. Log in as user ops with the password ops123.
TASK COMPLETION
• R1:
R1 (ttyd0)

login: ops
Password:

www.juniper.net BGP Troubleshooting • Lab 7–3


JNCIE Service Provider Bootcamp
• --- JUNOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06
13:40:14 UTCR2:
R2 (ttyd0)

login: ops
Password:

--- JUNOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC


• R3:
R3 (ttyd0)

login: ops
Password:

--- JUNOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC


• R4:
R4 (ttyd0)

login: ops
Password:

--- JUNOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC


• R5:
R5 (ttyd0)

login: ops
Password:

--- JUNOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC


TASK 2
Using CLI operational mode commands troubleshoot the IBGP and EBGP
sessions and discover the source of problems.
TASK INTERPRETATION
In this step, several problems with BGP sessions are induced. You will be using the ops user
account, which is not allowed to enter the configuration mode. Using operational mode
commands, you must discover the problems.
TASK COMPLETION
• R1:
ops@R1> show bgp summary
Groups: 3 Peers: 4 Down peers: 2
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 884 878 0 0 0 0
inet6.0 1 1 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...

Lab 7–4 • BGP Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
172.27.0.30 2087403078 39 40 0 0 16:12 23/
24/23/0 0/0/0/0
172.27.0.34 1342930876 450 41 0 0 16:08 Establ
inet.0: 855/860/855/0
inet6.0: 1/1/1/0
172.27.255.3 3895077211 0 0 0 0 50:48 Connect
172.27.255.4 3895077211 0 0 0 0 50:48 Active
The status reveals that two EBGP sessions are established and two IBGP sessions are either in
Active or Connect states. Now check the IBGP sessions.
ops@R1> show bgp neighbor 172.27.255.3
Peer: 172.27.255.3+179 AS 3895077211 Local: 172.27.255.1 AS 3895077211
Type: Internal State: Connect Flags: <ImportEval>
Last State: Active Last Event: ConnectRetry
Last Error: None
Options: <Preference LocalAddress AuthKey LogUpDown AddressFamily Refresh>
Authentication key is configured
Address families configured: inet-unicast inet6-labeled-unicast
Local Address: 172.27.255.1 Holdtime: 90 Preference: 170
NLRI inet6-labeled-unicast: ExplicitNull
Number of flaps: 0

ops@R1> show bgp neighbor 172.27.255.4


Peer: 172.27.255.4 AS 3895077211 Local: 172.27.255.1 AS 3895077211
Type: Internal State: Active Flags: <ImportEval>
Last State: Idle Last Event: Start
Last Error: None
Options: <Preference LocalAddress AuthKey LogUpDown AddressFamily Refresh>
Authentication key is configured
Address families configured: inet-unicast inet6-labeled-unicast
Local Address: 172.27.255.1 Holdtime: 90 Preference: 170
NLRI inet6-labeled-unicast: ExplicitNull
Number of flaps: 0

The output shows that the sessions are configured to the peers 172.27.255.3 and
172.27.255.4 using 172.27.255.1 local address. The sessions use authentication. We first
check the IP connectivity between the peers.
ops@R1> ping 172.27.255.3 source 172.27.255.1 count 2
PING 172.27.255.3 (172.27.255.3): 56 data bytes
64 bytes from 172.27.255.3: icmp_seq=0 ttl=64 time=3.468 ms
64 bytes from 172.27.255.3: icmp_seq=1 ttl=64 time=5.449 ms

--- 172.27.255.3 ping statistics ---


2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.468/4.458/5.449/0.990 ms

ops@R1> ping 172.27.255.4 source 172.27.255.1 count 2


PING 172.27.255.4 (172.27.255.4): 56 data bytes
64 bytes from 172.27.255.4: icmp_seq=0 ttl=64 time=3.420 ms
64 bytes from 172.27.255.4: icmp_seq=1 ttl=64 time=5.204 ms

--- 172.27.255.4 ping statistics ---


2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.420/4.312/5.204/0.892 ms
www.juniper.net BGP Troubleshooting • Lab 7–5
JNCIE Service Provider Bootcamp
Both IBGP peers are reachable. Next, check the syslog messages file.
ops@R1> show log messages | match MD5
Jan 27 09:08:37 R1 /kernel: tcp_auth_ok: Packet from 172.27.255.4:53991 wrong MD5
digest
Jan 27 09:10:02 R1 /kernel: tcp_auth_ok: Packet from 172.27.255.3:63449 wrong MD5
digest
Jan 27 09:11:05 R1 /kernel: tcp_auth_ok: Packet from 172.27.255.4:54475 wrong MD5
digest
Jan 27 09:12:30 R1 /kernel: tcp_auth_ok: Packet from 172.27.255.3:52126 wrong MD5
digest
The output shows that TCP packets received from both 172.27.255.3 and 172.27.255.4 cannot
be authenticated.
Synopsis: The probable source of the peering problem is authentication.
• R2:
ops@R2> show bgp summary
Groups: 3 Peers: 4 Down peers: 2
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 1721 1711 0 0 0 0
inet6.0 0 0 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.0.38 1342930876 580 100 0 0 43:42 856/
861/856/0 0/0/0/0
172.27.0.66 1342930876 579 100 0 0 43:38 855/
860/855/0 0/0/0/0
172.27.255.3 3895077211 0 0 0 0 1:07:58 Active
172.27.255.4 3895077211 0 0 0 0 1:07:58 Active
The status reveals that two EBGP sessions are established and two IBGP sessions are either in
Active or Connect states. Let us check the IBGP sessions.
ops@R2> show bgp neighbor 172.27.255.3
Peer: 172.27.255.3 AS 3895077211 Local: 172.27.255.2 AS 3895077211
Type: Internal State: Active Flags: <ImportEval>
Last State: Idle Last Event: Start
Last Error: None
Export: [ NHS ]
Options: <Preference LocalAddress AuthKey LogUpDown AddressFamily Refresh>
Authentication key is configured
Address families configured: inet-unicast inet6-labeled-unicast
Local Address: 172.27.255.2 Holdtime: 90 Preference: 170
NLRI inet6-labeled-unicast: ExplicitNull
Number of flaps: 0

ops@R2> show bgp neighbor 172.27.255.4


Peer: 172.27.255.4 AS 3895077211 Local: 172.27.255.2 AS 3895077211
Type: Internal State: Active Flags: <ImportEval>
Last State: Idle Last Event: Start
Last Error: None
Export: [ NHS ]
Options: <Preference LocalAddress AuthKey LogUpDown AddressFamily Refresh>
Authentication key is configured
Address families configured: inet-unicast inet6-labeled-unicast

Lab 7–6 • BGP Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
Local Address: 172.27.255.2 Holdtime: 90 Preference: 170
NLRI inet6-labeled-unicast: ExplicitNull
Number of flaps: 0
The output shows that the sessions are configured to the peers 172.27.255.3 and
172.27.255.4 using 172.27.255.2 local address. The sessions use authentication. First, check
the IP connectivity between the peers.
ops@R2> ping 172.27.255.3 source 172.27.255.2 count 2
PING 172.27.255.3 (172.27.255.3): 56 data bytes
^C
--- 172.27.255.3 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss

ops@R2> ping 172.27.255.4 source 172.27.255.2 count 2


PING 172.27.255.4 (172.27.255.4): 56 data bytes
^C
--- 172.27.255.4 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
None of the IBGP peers is reachable. Let us check IGP routing.
ops@R2> show route 172.27.255.3

inet.0: 893 destinations, 1743 routes (888 active, 0 holddown, 10 hidden)


+ = Active Route, - = Last Active, * = Both

172.27.255.3/32 *[OSPF/10] 00:58:48, metric 2


> to 172.27.0.1 via ge-0/0/1.0
to 172.27.0.6 via ge-0/0/4.0

ops@R2> show route 172.27.255.4

inet.0: 893 destinations, 1743 routes (888 active, 0 holddown, 10 hidden)


+ = Active Route, - = Last Active, * = Both

172.27.255.4/32 *[OSPF/10] 00:58:53, metric 1


> to 172.27.0.6 via ge-0/0/4.0
Both remote loopbacks are in the routing table. We try to ping them again without specifying the
source address.
ops@R2> ping 172.27.255.3 count 2
PING 172.27.255.3 (172.27.255.3): 56 data bytes
64 bytes from 172.27.255.3: icmp_seq=0 ttl=63 time=4.694 ms
64 bytes from 172.27.255.3: icmp_seq=1 ttl=63 time=4.966 ms

--- 172.27.255.3 ping statistics ---


2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 4.694/4.830/4.966/0.136 ms

ops@R2> ping 172.27.255.4 count 2


PING 172.27.255.4 (172.27.255.4): 56 data bytes
64 bytes from 172.27.255.4: icmp_seq=0 ttl=64 time=3.976 ms
64 bytes from 172.27.255.4: icmp_seq=1 ttl=64 time=4.036 ms

www.juniper.net BGP Troubleshooting • Lab 7–7


JNCIE Service Provider Bootcamp
--- 172.27.255.4 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.976/4.006/4.036/0.030 ms
Both remote loopbacks are now reachable.
ops@R2> show ospf interface
Interface State Area DR ID BDR ID Nbrs
ge-0/0/1.0 BDR 0.0.0.0 172.27.255.1 172.27.255.2 1
ge-0/0/4.0 DR 0.0.0.0 172.27.255.2 172.27.255.4 1
The output shows that lo0.0 is not configured in OSPF.
Synopsis: The probable source of the peering problem is bidirectional IGP reachability.
• R3:
ops@R3> show bgp summary
Groups: 3 Peers: 5 Down peers: 4
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 24 24 0 0 0 0
inet6.0 0 0 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.0.62 2087403078 171 174 0 0 1:16:28 24/
24/24/0 0/0/0/0
172.27.255.1 3895077211 0 0 0 0 1:34:13 Connect
172.27.255.2 3895077211 0 0 0 0 1:34:13 Active
172.27.255.5 3895077211 0 0 0 0 1:34:13 Connect
2008:4498::2 65432 0 62 0 0 1:34:13 Active
The output shows that all sessions except for one EBGP session to 172.27.0.62 are either in
Active or Connect state. Check the IBGP sessions first. R1 and R2 inspection revealed the source
of problems.
ops@R3> show log messages | match MD5
Jan 27 09:47:45 R3 /kernel: tcp_auth_ok: Packet from 172.27.255.1:54918 wrong MD5
digest
Jan 27 09:47:48 R3 /kernel: tcp_auth_ok: Packet from 172.27.255.1:54918 wrong MD5
digest

ops@R3> show route 172.27.255.2

inet.0: 44 destinations, 44 routes (44 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

172.27.0.0/16 *[Aggregate/130] 01:39:12


Reject
The output of the last two commands confirms the previously made assumptions.
ops@R3> show bgp group
Group Type: Internal AS: 3895077211 Local AS: 3895077211
Name: Clients Index: 0 Flags: <Export Eval>
Export: [ NHS IPv6-DIRECT ]
Options: <Cluster>
Holdtime: 0
Total peers: 3 Established: 0
172.27.255.1

Lab 7–8 • BGP Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
172.27.255.2
172.27.255.5

Group Type: External Local AS: 3895077211


Name: P Index: 1 Flags: <Export Eval>
Export: [ to-P ]
Holdtime: 0
Total peers: 1 Established: 1
172.27.0.62+53096
inet.0: 24/24/24/0

Group Type: External AS: 65432 Local AS: 3895077211


Name: C1 Index: 2 Flags: <Export Eval>
Options: <As Override>
Options: <AdvertisePeerAs>
Holdtime: 0
Total peers: 1 Established: 0
2008:4498::2

Groups: 3 Peers: 5 External: 2 Internal: 3 Down peers: 4 Flaps: 0


Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 24 24 0 0 0 0
inet6.0 0 0 0 0 0 0
The show bgp summary command did not show a session to the 172.27.255.4 neighbor. The
output confirms that the peering session to R4 (172.27.255.4) is not configured. This error
prevents the R3 and R4 from exchanging with EBGP-learned routes in this topology.
ops@R4> show bgp neighbor 172.27.255.5
Peer: 172.27.255.5+179 AS 3895077211 Local: 172.27.255.4 AS 3895077211
Type: Internal State: Connect (route reflector client)Flags: <ImportEval>
Last State: Active Last Event: ConnectRetry
Last Error: None
Export: [ NHS IPv6-DIRECT ]
Options: <Preference LocalAddress AuthKey LogUpDown Cluster AddressFamily
Refresh>
Authentication key is configured
Address families configured: inet-unicast inet6-labeled-unicast
Local Address: 172.27.255.4 Holdtime: 90 Preference: 170
NLRI inet6-labeled-unicast: ExplicitNull
Number of flaps: 0
The output shows that the session is configured to the peer 172.27.255.5 using the
172.27.255.3 local address. The session uses authentication. First check the IP connectivity
between the peers.
ops@R3> ping 172.27.255.5 source 172.27.255.3 count 2
PING 172.27.255.5 (172.27.255.5): 56 data bytes
^C
--- 172.27.255.5 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss

ops@R3> show route 172.27.255.5

inet.0: 44 destinations, 44 routes (44 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

www.juniper.net BGP Troubleshooting • Lab 7–9


JNCIE Service Provider Bootcamp

172.27.255.5/32 *[OSPF/10] 01:42:53, metric 1


> to 172.27.0.25 via ge-0/0/3.0

ops@R3> ping 172.27.255.5 count 2


PING 172.27.255.5 (172.27.255.5): 56 data bytes
64 bytes from 172.27.255.5: icmp_seq=0 ttl=64 time=3.064 ms
64 bytes from 172.27.255.5: icmp_seq=1 ttl=64 time=2.987 ms

--- 172.27.255.5 ping statistics ---


2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.987/3.026/3.064/0.039 ms
The output of the last three commands reveals a bidirectional IGP reachability problem.
ops@R3> show ospf interface
Interface State Area DR ID BDR ID Nbrs
ge-0/0/1.0 BDR 0.0.0.0 172.27.255.1 172.27.255.3 1
ge-0/0/2.0 DR 0.0.0.0 172.27.255.3 172.27.255.4 1
lo0.0 DR 0.0.0.0 172.27.255.3 0.0.0.0 0
ge-0/0/3.0 DR 0.0.0.1 172.27.255.3 172.27.255.5 1
The R3 lo0.0 is configured in OSPF. The reachability problem is most probably related to R5
configuration.
Check the EBGP session to C1 (2008:4498::2).
ops@R3> show bgp neighbor 2008:4498::2
Peer: 2008:4498::2 AS 65432 Local: 2008:4498::1 AS 3895077211
Type: External State: Active Flags: <ImportEval>
Last State: Idle Last Event: Start
Last Error: Open Message Error
Options: <Preference LogUpDown AddressFamily PeerAS PrefixLimit Refresh As
Override>
Options: <AdvertisePeerAs>
Address families configured: inet6-unicast
Holdtime: 90 Preference: 170
Number of flaps: 0
Error: 'Open Message Error' Sent: 43 Recv: 0
The output shows that the session is configured to 2008:4498::2 from 2008:4498::1 local
address. There is an “Open Message Error” status message in the output. This error most
probably indicates misconfigured BGP settings on one or both peers. To troubleshoot it, we
recommend configuring traceoptions, which we perform in the next step because user ops
does not have sufficient privileges.
ops@R3> ping 2008:4498::2 count 2
PING6(56=40+8+8 bytes) 2008:4498::1 --> 2008:4498::2
16 bytes from 2008:4498::2, icmp_seq=0 hlim=64 time=7.200 ms
16 bytes from 2008:4498::2, icmp_seq=1 hlim=64 time=7.449 ms

--- 2008:4498::2 ping6 statistics ---


2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/std-dev = 7.200/7.325/7.449/0.124 ms
The output shows that IPv6 connectivity works.

Lab 7–10 • BGP Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
Synopsis: The source of peering problems:
– R1 is authentication key mismatch;
– R2 is bidirectional IGP reachability. R2 loopback address is not known in OSPF;
– R4 is absence of IBGP session configured;
– R5 is bidirectional IGP reachability, most probably incorrect routing
configuration on R5;
– C1 is misconfigured BGP parameters.
• R4:
ops@R4> show bgp summary
Groups: 2 Peers: 4 Down peers: 4
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 0 0 0 0 0 0
inet6.0 0 0 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.255.1 3895077211 0 0 0 0 2:08:27 Active
172.27.255.2 3895077211 0 0 0 0 2:08:27 Active
172.27.255.5 3895077211 0 0 0 0 2:08:27 Active
2008:4498:0:1::2 65432 51 100 0 25 1:24 Idle
The output shows that all IBGP sessions stay in active state and the EBGP session is in the idle
state. First check the IBGP sessions. R1 and R2 inspection reveals the source of problems.
ops@R4> show log messages | match MD5
Jan 27 09:00:16 R4 /kernel: tcp_auth_ok: Packet from 172.27.255.1:64278 wrong MD5
digest
Jan 27 09:00:19 R4 /kernel: tcp_auth_ok: Packet from 172.27.255.1:64278 wrong MD5
digest

ops@R4> show route 172.27.255.2


The output of the last two commands confirms the previously made assumptions.
ops@R4> show bgp group
Group Type: Internal AS: 3895077211 Local AS: 3895077211
Name: Clients Index: 0 Flags: <Export Eval>
Export: [ NHS IPv6-DIRECT ]
Options: <Cluster>
Holdtime: 0
Total peers: 3 Established: 0
172.27.255.1
172.27.255.2
172.27.255.5

Group Type: External AS: 65432 Local AS: 3895077211


Name: C3 Index: 1 Flags: <Export Eval>
Options: <As Override>
Options: <AdvertisePeerAs>
Holdtime: 0
Total peers: 1 Established: 0
2008:4498:0:1::2

www.juniper.net BGP Troubleshooting • Lab 7–11


JNCIE Service Provider Bootcamp
Groups: 2 Peers: 4 External: 1 Internal: 3 Down peers: 4 Flaps: 36
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 0 0 0 0 0 0
inet6.0 0 0 0 0 0 0
The show bgp summary command did not show a session to the 172.27.255.3 neighbor. The
output confirms that the peering session to R3 (172.27.255.3) is not configured, which prevents
the R3 and R4 from exchanging with EBGP-learned routes in this topology.
ops@R4> show bgp neighbor 172.27.255.5
Peer: 172.27.255.5+179 AS 3895077211 Local: 172.27.255.4 AS 3895077211
Type: Internal State: Connect (route reflector client)Flags: <ImportEval>
Last State: Active Last Event: ConnectRetry
Last Error: None
Export: [ NHS IPv6-DIRECT ]
Options: <Preference LocalAddress AuthKey LogUpDown Cluster AddressFamily
Refresh>
Authentication key is configured
Address families configured: inet-unicast inet6-labeled-unicast
Local Address: 172.27.255.4 Holdtime: 90 Preference: 170
NLRI inet6-labeled-unicast: ExplicitNull
Number of flaps: 0
The output shows that the session is configured to the peer 172.27.255.5 using the
172.27.255.4 local address. The session uses authentication. First check the IP connectivity
between the peers.
ops@R4> ping 172.27.255.5 source 172.27.255.4 count 2
PING 172.27.255.5 (172.27.255.5): 56 data bytes
^C
--- 172.27.255.5 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss

ops@R4> show route 172.27.255.5

inet.0: 18 destinations, 18 routes (18 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

172.27.255.5/32 *[OSPF/10] 02:27:54, metric 1


> to 172.27.0.22 via ge-0/0/4.0

ops@R4> ping 172.27.255.5 count 2


PING 172.27.255.5 (172.27.255.5): 56 data bytes
64 bytes from 172.27.255.5: icmp_seq=0 ttl=64 time=4.312 ms
64 bytes from 172.27.255.5: icmp_seq=1 ttl=64 time=4.012 ms

--- 172.27.255.5 ping statistics ---


2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 4.012/4.162/4.312/0.150 ms
The output of the last three commands reveals a bidirectional IGP reachability problem.
ops@R4> show ospf interface
Interface State Area DR ID BDR ID Nbrs
ae0.0 DR 0.0.0.0 172.27.255.4 172.27.255.1 1
ge-0/0/1.0 BDR 0.0.0.0 172.27.255.2 172.27.255.4 1
ge-0/0/5.0 BDR 0.0.0.0 172.27.255.3 172.27.255.4 1

Lab 7–12 • BGP Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
lo0.0 DR 0.0.0.0 172.27.255.4 0.0.0.0 0
ge-0/0/4.0 DR 0.0.0.1 172.27.255.4 172.27.255.5 1
The R4 lo0.0 is configured in OSPF. The reachability problem is most probably related to R5
configuration.
Check the EBGP session to C3 (2008:4498:0:1::2).
ops@R4> show bgp neighbor 2008:4498:0:1::2
Peer: 2008:4498:0:1::2 AS 65432 Local: 2008:4498:0:1::1 AS 3895077211
Type: External State: Idle Flags: <PrefixLimitIdle>
Last State: Established Last Event: RecvUpdate
Last Error: Cease
Options: <Preference LogUpDown AddressFamily PeerAS PrefixLimit Refresh As
Override>
Options: <AdvertisePeerAs>
Address families configured: inet6-unicast
Holdtime: 90 Preference: 170
Number of flaps: 31
Last flap event: RecvUpdate
Error: 'Cease' Sent: 31 Recv: 0
The output shows that the session is configured to 2008:4498:0:1::2 from 2008:4498:0:1::1
local address. A “Cease” status message is in the output. This error probably indicates that the
session was dropped because of some restrictions.
ops@R4> show log messages | match Cease
Jan 27 09:05:29 R4 rpd[1068]: bgp_rt_maxprefixes_check_common:6856: NOTIFICATION
sent to 2008:4498:0:1::2 (External AS 65432): code 6 (Cease) subcode 1 (Maximum
Number of Prefixes Reached) AFI: 2 SAFI: 1 prefix limit 12

ops@R4> show log messages | match NOTIFICATION


Jan 27 09:05:29 R4 rpd[1068]: bgp_rt_maxprefixes_check_common:6856: NOTIFICATION
sent to 2008:4498:0:1::2 (External AS 65432): code 6 (Cease) subcode 1 (Maximum
Number of Prefixes Reached) AFI: 2 SAFI: 1 prefix limit 12
Jan 27 09:06:01 R4 rpd[1068]: bgp_pp_recv:2961: NOTIFICATION sent to
2008:4498:0:1::2+64490 (proto): code 2 (Open Message Error) subcode 5
(authentication failure), Reason: no group for 2008:4498:0:1::2+64490 (proto)
from AS 65432 found (peer idled due to prefix-limit violation), dropping him
The output shows that the session was dropped because the maximum prefix limit was
exceeded. This drop is a configuration error because according to the initial setup, EBGP
sessions should not be dropped when the prefix limit is reached.
Synopsis: The source of peering problems:
– R1 is authentication key mismatch;
– R2 is bidirectional IGP reachability. R2 loopback address is not known in OSPF;
– R3 is absence of IBGP session configured;
– R5 is bidirectional IGP reachability, most probably incorrect routing
configuration on R5;
– C3 is misconfigured BGP prefix limit action.

www.juniper.net BGP Troubleshooting • Lab 7–13


JNCIE Service Provider Bootcamp
• R5:
ops@R5> show bgp summary
Groups: 2 Peers: 3 Down peers: 3
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 0 0 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.255.3 3895077211 0 0 0 0 3:24:56 Active
172.27.255.4 3895077211 0 0 0 0 3:24:56 Active
202.202.0.1 65512 0 0 0 0 3:24:56 Idle
The status reveals that the IBGP sessions are in Active state and the EBGP sessions are in Idle
state. Check the IBGP sessions first.
ops@R5> show bgp neighbor 172.27.255.3
Peer: 172.27.255.3 AS 3895077211 Local: 172.27.255.5 AS 3895077211
Type: Internal State: Active Flags: <ImportEval>
Last State: Idle Last Event: Start
Last Error: None
Export: [ NHS ]
Options: <Preference LocalAddress AuthKey LogUpDown Refresh>
Authentication key is configured
Local Address: 172.27.255.5 Holdtime: 90 Preference: 170
Number of flaps: 0

ops@R5> show bgp neighbor 172.27.255.4


Peer: 172.27.255.4 AS 3895077211 Local: 172.27.255.5 AS 3895077211
Type: Internal State: Active Flags: <ImportEval>
Last State: Idle Last Event: Start
Last Error: None
Export: [ NHS ]
Options: <Preference LocalAddress AuthKey LogUpDown Refresh>
Authentication key is configured
Local Address: 172.27.255.5 Holdtime: 90 Preference: 170
Number of flaps: 0
The output shows that the sessions are configured to the peers 172.27.255.3 and 172.27.255.4
using the 172.27.255.5 local address. First check the IP connectivity between the peers.
ops@R5> ping 172.27.255.3 source 172.27.255.5 count 2
PING 172.27.255.3 (172.27.255.3): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
^C
--- 172.27.255.3 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss

ops@R5> ping 172.27.255.4 source 172.27.255.5 count 2


PING 172.27.255.4 (172.27.255.4): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
^C
--- 172.27.255.4 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss

ops@R5> show route 172.27.255.3

Lab 7–14 • BGP Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp

inet.0: 15 destinations, 15 routes (15 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

172.27.0.0/16 *[Aggregate/130] 03:33:14


Reject

ops@R5> show route 172.27.255.4

inet.0: 15 destinations, 15 routes (15 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

172.27.0.0/16 *[Aggregate/130] 03:33:18


Reject
The output of the last four commands shows that the remote loopbacks are not reachable.
ops@R5> show route protocol ospf

inet.0: 15 destinations, 15 routes (15 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

0.0.0.0/0 *[OSPF/10] 03:35:00, metric 11


to 172.27.0.26 via ge-0/0/1.0
> to 172.27.0.21 via ge-0/0/2.0
224.0.0.5/32 *[OSPF/10] 03:35:20, metric 1
MultiRecv

iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

mpls.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)


The output shows that R5 knows only the default route from OSPF because R5 is located in
OSPF totally stubby area. Next, check the EBGP session.
ops@R5> show bgp neighbor 202.202.0.1
Peer: 202.202.0.1 AS 65512 Local: 172.27.255.5 AS 3895077211
Type: External State: Idle Flags: <PeerInterfaceError ImportEval>
Last State: NoState Last Event: NoEvent
Last Error: None
Export: [ to-C2 ]
Options: <Preference LocalAddress LogUpDown PeerAS Refresh>
Local Address: 172.27.255.5 Holdtime: 90 Preference: 170
Number of flaps: 0
The output shows that the session stays in Idle state, which means R5 cannot try to establish
the EBGP session. This error is most probably indicates misconfigured BGP settings. To
troubleshoot it, we recommend to configure traceoptions, which we perform in the next step
because user ops does not have sufficient privileges.
ops@R5> ping 202.202.0.1 source 172.27.255.5 count 2
PING 202.202.0.1 (202.202.0.1): 56 data bytes
64 bytes from 202.202.0.1: icmp_seq=0 ttl=64 time=6.702 ms
64 bytes from 202.202.0.1: icmp_seq=1 ttl=64 time=3.985 ms

www.juniper.net BGP Troubleshooting • Lab 7–15


JNCIE Service Provider Bootcamp
--- 202.202.0.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.985/5.343/6.702/1.359 ms
The output shows that the two peers can reach loopbacks of each other.
Synopsis: The source of peering problems:
• R3 is incorrectly configured routing;
• R4 is incorrectly configured routing;
• C2 is misconfigured BGP parameters.
TASK 3
Log in to the routers as user lab with the password lab123.
TASK COMPLETION
• R1:
R1 (ttyd0)

login: lab
Password:

--- JUNOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC

• R2:
R2 (ttyd0)

login: lab
Password:

--- JUNOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC

• R3:
R3 (ttyd0)

login: lab
Password:

--- JUNOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC

• R4:
R4 (ttyd0)

login: lab
Password:

--- JUNOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC

Lab 7–16 • BGP Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
• R5:
R5 (ttyd0)

login: lab
Password:

--- JUNOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC

TASK 4
Using CLI operational and configuration mode ensure that all IBGP
and EBGP sessions are up, running and support appropriate address
families. You are not allowed to change the OSPF area design.
TASK INTERPRETATION
The task is straightforward.
TASK COMPLETION
• R1:
Synopsis: The probable source of the peering problem is authentication.
lab@R1> configure
Entering configuration mode

[edit]
lab@R1# set protocols bgp group IBGP authentication-key juniper

[edit]
lab@R1# commit
commit complete

[edit]
lab@R1# run show bgp summary
Groups: 3 Peers: 4 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 908 879 0 0 0 0
inet6.0 1 1 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.0.30 2087403078 659 666 0 0 4:59:21 23/
24/23/0 0/0/0/0
172.27.0.34 1342930876 1070 669 0 0 4:59:17 Establ
inet.0: 855/860/855/0
inet6.0: 1/1/1/0
172.27.255.3 3895077211 34 511 0 0 13:05 Establ
inet.0: 1/24/24/0
inet6.0: 0/0/0/0
172.27.255.4 3895077211 32 441 0 0 12:50 Establ
inet.0: 0/0/0/0
inet6.0: 0/0/0/0
The output shows that all sessions are established now and the peers negotiated appropriate
address families.

www.juniper.net BGP Troubleshooting • Lab 7–17


JNCIE Service Provider Bootcamp
• R2:
Synopsis: The probable source of the peering problem is bidirectional IGP reachability.
lab@R2> configure
Entering configuration mode

[edit]
lab@R2# set protocols ospf area 0 interface lo0.0

[edit]
lab@R2# commit
commit complete

[edit]
lab@R2# run show bgp summary
Groups: 3 Peers: 4 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 3478 1735 0 0 0 0
inet6.0 2 1 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.0.38 1342930876 1155 682 0 0 5:05:58 856/
861/856/0 0/0/0/0
172.27.0.66 1342930876 1154 682 0 0 5:05:54 855/
860/855/0 0/0/0/0
172.27.255.3 3895077211 416 481 0 0 58 Establ
inet.0: 1/879/879/0
inet6.0: 1/1/1/0
172.27.255.4 3895077211 413 410 0 0 6 Establ
inet.0: 23/878/878/0
inet6.0: 0/1/1/0
The output shows that all sessions are established now, but EBGP sessions have negotiated only
the IPv4 address family.
[edit]
lab@R2# run show bgp neighbor 172.27.0.66
Peer: 172.27.0.66+52140 AS 1342930876 Local: 172.27.0.65+179 AS 3895077211
Type: External State: Established Flags: <Sync>
Last State: OpenConfirm Last Event: RecvKeepAlive
Last Error: None
Export: [ to-T1 ] Import: [ from-T1 ]
Options: <Preference LogUpDown PeerAS Multipath Refresh>
Holdtime: 90 Preference: 170
Number of flaps: 0
Peer ID: 111.111.0.1 Local ID: 172.27.255.2 Active Holdtime: 90
Keepalive Interval: 30 Peer index: 0
BFD: disabled, down
Local Interface: ge-0/0/3.0
NLRI for restart configured on peer: inet-unicast
NLRI advertised by peer: inet-unicast inet6-unicast
NLRI for this session: inet-unicast
Peer supports Refresh capability (2)
Restart time configured on the peer: 120
Stale routes from peer are kept for: 300
Restart time requested by this peer: 120
Lab 7–18 • BGP Troubleshooting www.juniper.net
JNCIE Service Provider Bootcamp
NLRI that peer supports restart for: inet-unicast inet6-unicast
NLRI that restart is negotiated for: inet-unicast
NLRI of received end-of-rib markers: inet-unicast
NLRI of all end-of-rib markers sent: inet-unicast
Peer supports 4 byte AS extension (peer-as 1342930876)
Peer does not support Addpath
Table inet.0 Bit: 10001
RIB State: BGP restart is complete
Send state: in sync
Active prefixes: 855
Received prefixes: 860
Accepted prefixes: 855
Suppressed due to damping: 0
Advertised prefixes: 25
Last traffic (seconds): Received 3 Sent 21 Checked 48
Input messages: Total 1164Updates 482Refreshes 0Octets 43654
Output messages: Total 692Updates 3Refreshes 0Octets 13406
Output Queue[0]: 0

[edit]
lab@R2# run show bgp neighbor 172.27.0.38
Peer: 172.27.0.38+51554 AS 1342930876 Local: 172.27.0.37+179 AS 3895077211
Type: External State: Established Flags: <Sync>
Last State: OpenConfirm Last Event: RecvKeepAlive
Last Error: None
Export: [ to-T2 ] Import: [ from-T2 ]
Options: <Preference LogUpDown PeerAS Multipath Refresh>
Holdtime: 90 Preference: 170
Number of flaps: 0
Peer ID: 111.111.0.2 Local ID: 172.27.255.2 Active Holdtime: 90
Keepalive Interval: 30 Peer index: 0
BFD: disabled, down
Local Interface: ge-0/0/2.0
NLRI for restart configured on peer: inet-unicast
NLRI advertised by peer: inet-unicast inet6-unicast
NLRI for this session: inet-unicast
Peer supports Refresh capability (2)
Restart time configured on the peer: 120
Stale routes from peer are kept for: 300
Restart time requested by this peer: 120
NLRI that peer supports restart for: inet-unicast inet6-unicast
NLRI that restart is negotiated for: inet-unicast
NLRI of received end-of-rib markers: inet-unicast
NLRI of all end-of-rib markers sent: inet-unicast
Peer supports 4 byte AS extension (peer-as 1342930876)
Peer does not support Addpath
Table inet.0 Bit: 10000
RIB State: BGP restart is complete
Send state: in sync
Active prefixes: 856
Received prefixes: 861
Accepted prefixes: 856
Suppressed due to damping: 0
Advertised prefixes: 25
Last traffic (seconds): Received 23 Sent 21 Checked 11

www.juniper.net BGP Troubleshooting • Lab 7–19


JNCIE Service Provider Bootcamp
Input messages: Total 1166Updates 483Refreshes 0Octets 43728
Output messages: Total 694Updates 3Refreshes 0Octets 13444
Output Queue[0]: 0

edit]
lab@R2# show protocols bgp group T1-T2
type external;
peer-as 1342930876;
multipath;
neighbor 172.27.0.66 {
import from-T1;
export to-T1;
}
neighbor 172.27.0.38 {
import from-T2;
export to-T2;
}

[edit]
lab@R2# set protocols bgp group T1-T2 family inet unicast

[edit]
lab@R2# set protocols bgp group T1-T2 family inet6 unicast

[edit]
lab@R2# commit
commit complete

[edit]
lab@R2# run show bgp summary
Groups: 3 Peers: 4 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 3478 1735 0 0 0 0
inet6.0 4 2 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.0.38 1342930876 488 8 0 0 1:05 Establ
inet.0: 856/861/856/0
inet6.0: 1/1/1/0
172.27.0.66 1342930876 416 8 0 0 1:09 Establ
inet.0: 855/860/855/0
inet6.0: 1/1/1/0
172.27.255.3 3895077211 436 956 0 0 10:08 Establ
inet.0: 1/879/879/0
inet6.0: 0/1/1/0
172.27.255.4 3895077211 433 885 0 0 9:16 Establ
inet.0: 23/878/878/0
inet6.0: 0/1/1/0
The output now shows that all sessions are established and the peers negotiated appropriate
address families.
• R3:
Synopsis: The source of peering problems:
– R1 is authentication key mismatch;
Lab 7–20 • BGP Troubleshooting www.juniper.net
JNCIE Service Provider Bootcamp
– R2 is bidirectional IGP reachability. R2 loopback address is not known in OSPF;
– R4 is absence of IBGP session configured;
– R5 is bidirectional IGP reachability, most probably incorrect routing
configuration on R5;
– C1 is misconfigured BGP parameters.
lab@R3> configure
Entering configuration mode

[edit]
lab@R3# set protocols bgp group Clients neighbor 172.27.255.4

[edit]
lab@R3# set protocols bgp group C1 traceoptions file bgp-trace.log

[edit]
lab@R3# set protocols bgp group C1 traceoptions flag open detail

[edit]
lab@R3# commit
commit complete

[edit]
lab@R3# run show log bgp-trace.log
Jan 27 10:28:34 trace_on: Tracing to "/var/log/bgp-trace.log" started
Jan 27 10:30:23.428658 advertising receiving-speaker only capability to neighbor
2008:4498::2 (External AS 65432)
Jan 27 10:30:23.428743 bgp_send: sending 59 bytes to 2008:4498::2 (External AS
65432)
Jan 27 10:30:23.428772
Jan 27 10:30:23.428772 BGP SEND 2008:4498::1+64511 -> 2008:4498::2+179
Jan 27 10:30:23.428800 BGP SEND message type 1 (Open) length 59
Jan 27 10:30:23.428827 BGP SEND version 4 as 23456 holdtime 90 id 172.27.255.3
parmlen 30
Jan 27 10:30:23.428851 BGP SEND MP capability AFI=2, SAFI=1
Jan 27 10:30:23.428874 BGP SEND Refresh capability, code=128
Jan 27 10:30:23.428898 BGP SEND Refresh capability, code=2
Jan 27 10:30:23.428924 BGP SEND Restart capability, code=64, time=120, flags=
Jan 27 10:30:23.430615 BGP SEND 4 Byte AS-Path capability (65), as_num 3895077211
Jan 27 10:30:23.434276 advertising receiving-speaker only capability to neighbor
2008:4498::2 (External AS 65432)
Jan 27 10:30:23.437365
Jan 27 10:30:23.437365 BGP RECV 2008:4498::2+179 -> 2008:4498::1+64511
Jan 27 10:30:23.437425 BGP RECV message type 1 (Open) length 59
Jan 27 10:30:23.437451 BGP RECV version 4 as 65422 holdtime 90 id 201.201.0.1
parmlen 30
Jan 27 10:30:23.437475 BGP RECV MP capability AFI=2, SAFI=1
Jan 27 10:30:23.437498 BGP RECV Refresh capability, code=128
Jan 27 10:30:23.437522 BGP RECV Refresh capability, code=2
Jan 27 10:30:23.437546 BGP RECV Restart capability, code=64, time=120, flags=
Jan 27 10:30:23.437570 BGP RECV 4 Byte AS-Path capability (65), as_num 65422
Jan 27 10:30:23.437636 bgp_process_open:2691: NOTIFICATION sent to 2008:4498::2
(External AS 65432): code 2 (Open Message Error) subcode 2 (bad peer AS number),
Reason: peer 2008:4498::2 (External AS 65432) claims 65422, 65432 configured
www.juniper.net BGP Troubleshooting • Lab 7–21
JNCIE Service Provider Bootcamp
Jan 27 10:30:23.437662 bgp_send: sending 21 bytes to 2008:4498::2 (External AS
65432)
Jan 27 10:30:23.437689
Jan 27 10:30:23.437689 BGP SEND 2008:4498::1+64511 -> 2008:4498::2+179
Jan 27 10:30:23.437715 BGP SEND message type 3 (Notification) length 21
Jan 27 10:30:23.437739 BGP SEND Notification code 2 (Open Message Error) subcode 2
(bad peer AS number)
The output shows that the remote peer (C1) has incorrectly configured AS 65422. You cannot
change the EBGP peer configuration, hence you must change the R3 peer-as setting.
[edit]
lab@R3# set protocols bgp group C1 peer-as 65422

[edit]
lab@R3# commit
commit complete

[edit]
lab@R3# run show bgp summary
Groups: 3 Peers: 6 Down peers: 2
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 1768 890 0 0 0 0
inet6.0 18 17 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.0.62 2087403078 733 1231 0 0 5:32:31 24/
24/24/0 0/0/0/0
172.27.255.1 3895077211 583 111 0 0 45:59 Establ
inet.0: 855/878/878/0
inet6.0: 1/1/1/0
172.27.255.2 3895077211 994 475 0 0 27:31 Establ
inet.0: 11/866/866/0
inet6.0: 0/1/1/0
172.27.255.4 3895077211 0 0 0 0 9:14 Active
172.27.255.5 3895077211 0 0 0 0 5:50:16 Connect
2008:4498::2 65422 7 9 0 0 2:08 Establ
inet6.0: 16/16/16/0
The output shows that all sessions except for R4 (172.27.255.4) and R5 (172.27.255.5) are
established successfully and the peers negotiated the required address families.
• R4:
Synopsis: The source of peering problems:
– R1 is authentication key mismatch;
– R2 is bidirectional IGP reachability. R2 loopback address is not known in OSPF;
– R3 is absence of IBGP session configured;
– R5 is bidirectional IGP reachability, most probably incorrect routing configuration
on R5;
– C3 is misconfigured BGP prefix limit action.
lab@R4> configure
Entering configuration mode

Lab 7–22 • BGP Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp

[edit]
lab@R4# set protocols bgp group Clients neighbor 172.27.255.3

[edit]
lab@R4# delete protocols bgp group C3 family inet6 unicast prefix-limit teardown

[edit]
lab@R4# commit
commit complete

[edit]
lab@R4# run show bgp summary
Groups: 2 Peers: 5 Down peers: 1
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 1768 890 0 0 0 0
inet6.0 34 33 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.255.1 3895077211 554 150 0 0 1:03:34 Establ
inet.0: 878/878/878/0
inet6.0: 1/1/1/0
172.27.255.2 3895077211 965 514 0 0 44:28 Establ
inet.0: 11/866/866/0
inet6.0: 0/1/1/0
172.27.255.3 3895077211 420 420 0 0 2:31 Establ
inet.0: 1/24/24/0
inet6.0: 16/16/16/0
172.27.255.5 3895077211 0 0 0 0 5:57:10 Connect
2008:4498:0:1::2 65432 8 11 0 0 2:27 Establ
inet6.0: 16/16/16/0
The output shows that all sessions except for R5 (172.27.255.5) are established successfully
and the peers negotiated the required address families.
• R5:
Synopsis: The source of peering problems:
– R3 is incorrectly configured routing;
– R4 is incorrectly configured routing;
– C2 is misconfigured BGP parameters.
lab@R5> configure
Entering configuration mode

[edit]
lab@R5# set protocols bgp group C2 traceoptions file bgp-trace.log

[edit]
lab@R5# set protocols bgp group C2 traceoptions flag all detail

[edit]
lab@R5# delete routing-options aggregate route 172.27.0.0/16

[edit]

www.juniper.net BGP Troubleshooting • Lab 7–23


JNCIE Service Provider Bootcamp
lab@R5# commit
commit complete

[edit]
lab@R5# run show log bgp-trace.log
Jan 27 10:59:32 trace_on: Tracing to "/var/log/bgp-trace.log" started
Jan 27 10:59:55.538658 advertising receiving-speaker only capability to neighbor
202.202.0.1 (External AS 65512)
Jan 27 10:59:55.538714 bgp_4byte_aspath_add_cap():155 AS4-Peer 202.202.0.1
(External AS 65512)(SEND): 4 byte AS capability added, AS 3895077211
The output shows that R5 cannot send any BGP messages to the 202.202.0.1 peer.
lab@R5# show protocols bgp group C2
type external;
traceoptions {
file bgp-trace.log;
flag all detail;
}
local-address 172.27.255.5;
export to-C2;
peer-as 65512;
neighbor 202.202.0.1;
The sessions is EBGP session but multihop setting is missing from the configuration.
[edit]
lab@R5# set protocols bgp group C2 multihop

[edit]
lab@R5# commit
commit complete

[edit]
lab@R5# run show bgp summary
Groups: 2 Peers: 3 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 1787 890 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.255.3 3895077211 433 23 0 0 9:14 867/
890/890/0 0/0/0/0
172.27.255.4 3895077211 434 24 0 0 9:21 16/
890/890/0 0/0/0/0
202.202.0.1 65512 519 515 0 0 1:36 7/7/
7/0 0/0/0/0
The output shows that all sessions are established successfully and the peers negotiated the
required address families.
TASK 5
All Peer (P), Transit provider (T1, T2) and C2 IPv4 prefixes, except
of the prefixes with mask shorter than /8 or longer than /24, must
be active and reachable on all routers in your AS.

Lab 7–24 • BGP Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
TASK INTERPRETATION
The task is straightforward. The sample routes we use for troubleshooting in this step are the
following:
• C2 - 202.202.0.0/24
• P - 150.150.0.0/24
• T1 - 35.0.0.0/8 and 111.111.1.0/24
• T2 - 35.0.0.0/8 and 111.111.1.0/24
TASK COMPLETION
• R1:
[edit]
lab@R1# exit
Exiting configuration mode

lab@R1> show route 202.202/24

inet.0: 918 destinations, 2685 routes (912 active, 0 holddown, 6 hidden)


+ = Active Route, - = Last Active, * = Both

202.202.0.0/24 *[BGP/170] 00:03:00, localpref 100


AS path: 2087403078 65512 I, validation-state: unverified
> to 172.27.0.30 via ge-0/0/1.0
[BGP/170] 00:03:04, localpref 100, from 172.27.255.3
AS path: 2087403078 65512 I, validation-state: unverified
> to 172.27.0.13 via ge-0/0/6.0
[BGP/170] 00:00:09, localpref 100, from 172.27.255.4
AS path: 2087403078 65512 I, validation-state: unverified
> to 172.27.0.9 via ae0.0

lab@R1> show route 150.150/24

inet.0: 918 destinations, 2685 routes (912 active, 0 holddown, 6 hidden)


+ = Active Route, - = Last Active, * = Both

150.150.0.0/24 *[BGP/170] 00:03:11, localpref 100


AS path: 2087403078 I, validation-state: unverified
> to 172.27.0.30 via ge-0/0/1.0
[BGP/170] 00:03:15, localpref 100, from 172.27.255.3
AS path: 2087403078 I, validation-state: unverified
> to 172.27.0.13 via ge-0/0/6.0
[BGP/170] 00:00:20, localpref 100, from 172.27.255.4
AS path: 2087403078 I, validation-state: unverified
> to 172.27.0.9 via ae0.0

lab@R1> show route 35/8

inet.0: 918 destinations, 995 routes (912 active, 0 holddown, 6 hidden)


+ = Active Route, - = Last Active, * = Both

www.juniper.net BGP Troubleshooting • Lab 7–25


JNCIE Service Provider Bootcamp
35.0.0.0/8 *[BGP/170] 00:03:24, localpref 100
AS path: 1342930876 8918 237 I, validation-state: unverified
> to 172.27.0.34 via ge-0/0/2.0

lab@R1> show route 111.111.1/24

inet.0: 918 destinations, 995 routes (912 active, 0 holddown, 6 hidden)


+ = Active Route, - = Last Active, * = Both

111.111.1.0/24 *[BGP/170] 00:10:07, localpref 100


AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.34 via ge-0/0/2.0
[BGP/170] 00:07:12, localpref 100, from 172.27.255.3
AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.2 via ge-0/0/3.0
[BGP/170] 00:07:12, localpref 100, from 172.27.255.4
AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.9 via ae0.0
The output shows that all sample routes are active and reachable. At the same time, C2 route
202.202.0.0/24 is preferred from the Peer (P) that is incorrect. The policy that should ensure
that customer routes are always preferred is probably not configured or incorrectly configured on
R5. The route 35/8 is also expected to be received from R2 through route reflectors R3 and R4,
which is not the case now. This error can be related to incorrectly configured policy on either R2
or R3 and R4 routers.
lab@R1> show route 202.202/24 detail

inet.0: 918 destinations, 995 routes (912 active, 0 holddown, 6 hidden)


202.202.0.0/24 (3 entries, 1 announced)
*BGP Preference: 170/-101
Next hop type: Router, Next hop index: 599
Address: 0x929f794
Next-hop reference count: 70
Source: 172.27.0.30
Next hop: 172.27.0.30 via ge-0/0/1.0, selected
Session Id: 0x4
State: <Active Ext>
Local AS: 3895077211 Peer AS: 2087403078
Age: 3:55
Validation State: unverified
Task: BGP_2087403078.172.27.0.30+59311
Announcement bits (3): 0-KRT 5-BGP_RT_Background 6-Resolve tree 2
AS path: 2087403078 65512 I
Accepted
Localpref: 100
Router ID: 150.150.0.1
BGP Preference: 170/-101
Next hop type: Indirect
Address: 0x929f95c
Next-hop reference count: 26
Source: 172.27.255.3
Next hop type: Router, Next hop index: 601
Next hop: 172.27.0.13 via ge-0/0/6.0, selected
Session Id: 0x1
Protocol next hop: 172.27.255.3
Lab 7–26 • BGP Troubleshooting www.juniper.net
JNCIE Service Provider Bootcamp
Indirect next hop: 944c0ec 262146 INH Session ID: 0x7
State: <NotBest Int Ext>
Inactive reason: Not Best in its group - Interior > Exterior >
Exterior via Interior
Local AS: 3895077211 Peer AS: 3895077211
Age: 3:59 Metric2: 1
Validation State: unverified
Task: BGP_3895077211.172.27.255.3+63506
AS path: 2087403078 65512 I
Accepted
Localpref: 100
Router ID: 172.27.255.3
BGP Preference: 170/-101
Next hop type: Indirect
Address: 0x95cc0f4
Next-hop reference count: 45
Source: 172.27.255.4
Next hop type: Router, Next hop index: 604
Next hop: 172.27.0.9 via ae0.0, selected
Session Id: 0x3
Protocol next hop: 172.27.255.4
Indirect next hop: 944c000 262142 INH Session ID: 0xa
State: <NotBest Int Ext>
Inactive reason: Not Best in its group - Interior > Exterior >
Exterior via Interior
Local AS: 3895077211 Peer AS: 3895077211
Age: 1:04 Metric2: 1
Validation State: unverified
Task: BGP_3895077211.172.27.255.4+55011
AS path: 2087403078 65512 I (Originator)
Cluster list: 0.0.0.1
Originator ID: 172.27.255.3
Accepted
Localpref: 100
Router ID: 172.27.255.4

lab@R1> show route protocol bgp terse | match "(/2[5-9])|(/3[0-2])"


* ? 150.150.13.0/25 B 170 100 2087403078 I

lab@R1> show route 150.150.13/25 detail

inet.0: 918 destinations, 954 routes (913 active, 0 holddown, 6 hidden)


150.150.13.0/25 (3 entries, 1 announced)
*BGP Preference: 170/-101
Next hop type: Indirect
Address: 0x929f95c
Next-hop reference count: 26
Source: 172.27.255.3
Next hop type: Router, Next hop index: 601
Next hop: 172.27.0.13 via ge-0/0/6.0, selected
Session Id: 0x1
Protocol next hop: 172.27.255.3
Indirect next hop: 944c0ec 262146 INH Session ID: 0x7
State: <Active Int Ext>
Local AS: 3895077211 Peer AS: 3895077211

www.juniper.net BGP Troubleshooting • Lab 7–27


JNCIE Service Provider Bootcamp
Age: 9:22 Metric2: 1
Validation State: unverified
Task: BGP_3895077211.172.27.255.3+63506
Announcement bits (3): 0-KRT 5-BGP_RT_Background 6-Resolve tree 2
AS path: 2087403078 I
Accepted
Localpref: 100
Router ID: 172.27.255.3
BGP Preference: 170/-101
Next hop type: Indirect
Address: 0x95cc0f4
Next-hop reference count: 45
Source: 172.27.255.4
Next hop type: Router, Next hop index: 604
Next hop: 172.27.0.9 via ae0.0, selected
Session Id: 0x3
Protocol next hop: 172.27.255.4
Indirect next hop: 944c000 262142 INH Session ID: 0xa
State: <NotBest Int Ext>
Inactive reason: Not Best in its group - Cluster list length
Local AS: 3895077211 Peer AS: 3895077211
Age: 9:22 Metric2: 1
Validation State: unverified
Task: BGP_3895077211.172.27.255.4+55011
AS path: 2087403078 I (Originator)
Cluster list: 0.0.0.1
Originator ID: 172.27.255.3
Accepted
Localpref: 100
Router ID: 172.27.255.4
The output reveals that a route with mask longer than /24 is in the routing table. This route is
received from both R3 and R4 with BGP next hop of R3 (172.27.255.3). Most probably an R3
EBGP policy is configured incorrectly.
lab@R1> show route hidden

inet.0: 918 destinations, 997 routes (913 active, 0 holddown, 6 hidden)


+ = Active Route, - = Last Active, * = Both

12.16.126.192/26 [BGP ] 00:05:32, localpref 100


AS path: 1342930876 8918 10578 14325 ?, validation-state:
unverified
> to 172.27.0.34 via ge-0/0/2.0
65.114.168.192/26 [BGP ] 00:05:32, localpref 100
AS path: 1342930876 8918 10886 7082 I, validation-state:
unverified
> to 172.27.0.34 via ge-0/0/2.0
65.115.176.32/27 [BGP ] 00:05:32, localpref 100
AS path: 1342930876 8918 10764 20080 3681 4511 4511 4511 I,
validation-state: unverified
> to 172.27.0.34 via ge-0/0/2.0
65.127.62.0/27 [BGP ] 00:05:32, localpref 100
AS path: 1342930876 8918 14048 16989 I, validation-state:
unverified
> to 172.27.0.34 via ge-0/0/2.0

Lab 7–28 • BGP Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
129.238.116.0/27 [BGP ] 00:05:32, localpref 100
AS path: 1342930876 8918 668 I, validation-state: unverified
> to 172.27.0.34 via ge-0/0/2.0
150.150.13.0/25 [BGP ] 00:05:28, localpref 100
AS path: 2087403078 I, validation-state: unverified
> to 172.27.0.30 via ge-0/0/1.0

inet.3: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)

iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

mpls.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)

inet6.0: 41 destinations, 76 routes (41 active, 0 holddown, 0 hidden)

inet6.3: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)

lab@R1> show route resolution unresolved


Tree Index 1
Tree Index 2
Tree Index 3
No unresolved routes exist.
• R2:
[edit]
lab@R2# exit
Exiting configuration mode

lab@R2> show route 202.202/24

inet.0: 917 destinations, 3481 routes (912 active, 0 holddown, 1700 hidden)
+ = Active Route, - = Last Active, * = Both

202.202.0.0/24 *[BGP/170] 00:04:01, localpref 100, from 172.27.255.4


AS path: 2087403078 65512 I, validation-state: unverified
> to 172.27.0.6 via ge-0/0/4.0
[BGP/170] 00:35:28, localpref 100, from 172.27.255.3
AS path: 2087403078 65512 I, validation-state: unverified
> to 172.27.0.1 via ge-0/0/1.0
to 172.27.0.6 via ge-0/0/4.0

lab@R2> show route 150.150/24

inet.0: 917 destinations, 3481 routes (912 active, 0 holddown, 1700 hidden)
+ = Active Route, - = Last Active, * = Both

150.150.0.0/24 *[BGP/170] 00:10:20, localpref 100, from 172.27.255.4


AS path: 2087403078 I, validation-state: unverified
> to 172.27.0.6 via ge-0/0/4.0
[BGP/170] 00:41:47, localpref 100, from 172.27.255.3
AS path: 2087403078 I, validation-state: unverified
> to 172.27.0.1 via ge-0/0/1.0
to 172.27.0.6 via ge-0/0/4.0

www.juniper.net BGP Troubleshooting • Lab 7–29


JNCIE Service Provider Bootcamp
lab@R2> show route 35/8

inet.0: 917 destinations, 3481 routes (912 active, 0 holddown, 1700 hidden)
+ = Active Route, - = Last Active, * = Both

35.0.0.0/8 *[BGP/170] 00:02:44, localpref 100, from 172.27.255.4


AS path: 1342930876 8918 237 I, validation-state: unverified
> to 172.27.0.6 via ge-0/0/4.0
[BGP/170] 00:56:31, localpref 100, from 172.27.255.3
AS path: 1342930876 8918 237 I, validation-state: unverified
to Reject

lab@R2> show route 111.111.1/24

inet.0: 917 destinations, 1791 routes (912 active, 0 holddown, 10 hidden)


+ = Active Route, - = Last Active, * = Both

111.111.1.0/24 *[BGP/170] 00:47:54, localpref 100


AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.66 via ge-0/0/3.0
The output shows that all sample routes are active and reachable but the 35/8 route, which is,
for some reason, known indirectly from R3 and R4 instead of being learned from T1 and T2
directly. Moreover, the next hop for the 35/8 route received from R3 is shown as Reject.
lab@R2> show route receive-protocol bgp 172.27.255.3 35/8

inet.0: 917 destinations, 2636 routes (912 active, 0 holddown, 1700 hidden)
Prefix Nexthop MED Lclpref AS path
* 35.0.0.0/8 172.27.0.34 100 1342930876 8918
237 I
The output shows that the route 35/8 is received from R3 with the original BGP next hop
172.27.0.34. The problem is related to next-hop-self policy on R1.
lab@R2> show route 172.27.0.34

inet.0: 917 destinations, 2636 routes (912 active, 0 holddown, 1700 hidden)
+ = Active Route, - = Last Active, * = Both

172.27.0.0/16 *[Aggregate/130] 11:08:32


Reject

lab@R2> show route receive-protocol bgp 172.27.255.4 35/8

inet.0: 917 destinations, 3481 routes (912 active, 0 holddown, 1700 hidden)
Prefix Nexthop MED Lclpref AS path
* 35.0.0.0/8 172.27.255.4 100 1342930876 8918
237 I
The output shows another problem with BGP next hop. The 35/8 route is received from R4 with
BGP next hop set to R4 loopback address. This output indicates that R4 incorrectly changes next
hop to self for certain prefixes.
lab@R2> show route protocol bgp terse | match "(/2[5-9])|(/3[0-2])"
* ? 150.150.13.0/25 B 170 100 2087403078 I

Lab 7–30 • BGP Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp

lab@R2> show route 150.150.13/25 detail

inet.0: 917 destinations, 2636 routes (912 active, 0 holddown, 1700 hidden)
150.150.13.0/25 (2 entries, 1 announced)
*BGP Preference: 170/-101
Next hop type: Indirect
Address: 0x95848f8
Next-hop reference count: 72
Source: 172.27.255.4
Next hop type: Router, Next hop index: 602
Next hop: 172.27.0.6 via ge-0/0/4.0, selected
Session Id: 0x2
Protocol next hop: 172.27.255.4
Indirect next hop: 95c7928 262147 INH Session ID: 0xc
State: <Active Int Ext>
Local AS: 3895077211 Peer AS: 3895077211
Age: 15 Metric2: 1
Validation State: unverified
Task: BGP_3895077211.172.27.255.4+179
Announcement bits (3): 0-KRT 6-BGP_RT_Background 7-Resolve tree 2
AS path: 2087403078 I (Originator)
Cluster list: 0.0.0.1
Originator ID: 172.27.255.3
Accepted
Localpref: 100
Router ID: 172.27.255.4
BGP Preference: 170/-101
Next hop type: Indirect
Address: 0x963c18c
Next-hop reference count: 24
Source: 172.27.255.3
Next hop type: Router, Next hop index: 262143
Next hop: 172.27.0.1 via ge-0/0/1.0
Session Id: 0x1
Next hop: 172.27.0.6 via ge-0/0/4.0, selected
Session Id: 0x2
Protocol next hop: 172.27.255.3
Indirect next hop: 9594000 262142 INH Session ID: 0x6
State: <NotBest Int Ext>
Inactive reason: Not Best in its group - IGP metric
Local AS: 3895077211 Peer AS: 3895077211
Age: 18:42 Metric2: 2
Validation State: unverified
Task: BGP_3895077211.172.27.255.3+179
AS path: 2087403078 I
Accepted
Localpref: 100
Router ID: 172.27.255.3
The output reveals that a route with a mask longer than /24 is in the routing table. This route is
received from both R3 and R4 with the originator being R3 (172.27.255.3). Most probably an R3
EBGP policy is configured incorrectly.

www.juniper.net BGP Troubleshooting • Lab 7–31


JNCIE Service Provider Bootcamp
lab@R2> show route hidden

inet.0: 917 destinations, 2636 routes (912 active, 0 holddown, 1700 hidden)
+ = Active Route, - = Last Active, * = Both

6.1.0.0/16 [BGP ] 01:56:30, localpref 100


AS path: 1342930876 8918 668 1455 I, validation-state:
unverified
> to 172.27.0.38 via ge-0/0/2.0
[BGP ] 01:56:34, localpref 100
AS path: 1342930876 8918 668 1455 I, validation-state:
unverified
> to 172.27.0.66 via ge-0/0/3.0
6.2.0.0/22 [BGP ] 01:56:30, localpref 100
AS path: 1342930876 8918 668 1455 I, validation-state:
unverified
> to 172.27.0.38 via ge-0/0/2.0
[BGP ] 01:56:34, localpref 100
AS path: 1342930876 8918 668 1455 I, validation-state:
unverified
> to 172.27.0.66 via ge-0/0/3.0
6.3.0.0/18 [BGP ] 01:56:30, localpref 100
AS path: 1342930876 8918 668 1455 I, validation-state:
unverified
> to 172.27.0.38 via ge-0/0/2.0
[BGP ] 01:56:34, localpref 100
AS path: 1342930876 8918 668 1455 I, validation-state:
unverified
> to 172.27.0.66 via ge-0/0/3.0
...

lab@R2> show route resolution unresolved


Tree Index 1
Tree Index 2
Tree Index 3
Many hidden routes exist but no route is unresolved. The routes with masks longer than /8 and
shorter than /24 appear as hidden, which means that they are filtered out by an incorrectly
configured policy.
• R3:
[edit]
lab@R3# exit
Exiting configuration mode

lab@R3> show route 202.202/24

inet.0: 911 destinations, 951 routes (911 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

202.202.0.0/24 *[BGP/170] 00:23:16, localpref 100


AS path: 2087403078 65512 I, validation-state: unverified
> to 172.27.0.62 via ge-0/0/5.0
[BGP/170] 00:23:04, localpref 100, from 172.27.255.1
AS path: 2087403078 65512 I, validation-state: unverified

Lab 7–32 • BGP Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
to Reject
[BGP/170] 00:23:04, localpref 100, from 172.27.255.5
AS path: 65512 65512 I, validation-state: unverified
> to 172.27.0.25 via ge-0/0/3.0

lab@R3> show route 150.150/24

inet.0: 911 destinations, 951 routes (911 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

150.150.0.0/24 *[BGP/170] 00:24:09, localpref 100


AS path: 2087403078 I, validation-state: unverified
> to 172.27.0.62 via ge-0/0/5.0
[BGP/170] 00:23:57, localpref 100, from 172.27.255.1
AS path: 2087403078 I, validation-state: unverified
to Reject

lab@R3> show route 35/8

inet.0: 911 destinations, 951 routes (911 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

35.0.0.0/8 *[BGP/170] 00:24:29, localpref 100, from 172.27.255.1


AS path: 1342930876 8918 237 I, validation-state: unverified
to Reject

lab@R3> show route 111.111.1/24

inet.0: 911 destinations, 951 routes (911 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

111.111.1.0/24 *[BGP/170] 00:25:07, localpref 100, from 172.27.255.2


AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.14 via ge-0/0/1.0
to 172.27.0.18 via ge-0/0/2.0
[BGP/170] 00:25:07, localpref 100, from 172.27.255.1
AS path: 1342930876 I, validation-state: unverified
to Reject
The output shows that all the sample routes are active and reachable except for 
35/8, which shows a Reject next hop. Note that all the routes that are received from R1
(172.27.255.1) and show Reject next hop. C2 route 202.202.0.0/24 is preferred from the Peer
(P) that is incorrect. The policy that should ensure that customer routes are always preferred is
not configured or incorrectly configured on R5.
lab@R3> show route 35/8 detail

inet.0: 911 destinations, 951 routes (911 active, 0 holddown, 0 hidden)


35.0.0.0/8 (1 entry, 1 announced)
*BGP Preference: 170/-101
Next hop type: Indirect
Address: 0x9289310
Next-hop reference count: 2545
Source: 172.27.255.1
Next hop type: Reject
Protocol next hop: 172.27.0.34
www.juniper.net BGP Troubleshooting • Lab 7–33
JNCIE Service Provider Bootcamp
Indirect next hop: 9490000 262142 INH Session ID: 0x5
State: <Active Int Ext>
Local AS: 3895077211 Peer AS: 3895077211
Age: 25:58 Metric2: 0
Validation State: unverified
Task: BGP_3895077211.172.27.255.1+64770
Announcement bits (3): 0-KRT 5-BGP_RT_Background 6-Resolve tree 2
AS path: 1342930876 8918 237 I
Accepted
Localpref: 100
Router ID: 172.27.255.1

lab@R3> show route receive-protocol bgp 172.27.255.1

inet.0: 911 destinations, 951 routes (911 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 6.1.0.0/16 172.27.0.34 100 1342930876 8918
668 1455 I
* 6.2.0.0/22 172.27.0.34 100 1342930876 8918
668 1455 I
* 6.3.0.0/18 172.27.0.34 100 1342930876 8918
668 1455 I
* 6.4.0.0/16 172.27.0.34 100 1342930876 8918
668 1455 I
* 6.5.0.0/19 172.27.0.34 100 1342930876 8918
668 1455 I
...

lab@R3> show route 172.27.0.34

inet.0: 911 destinations, 951 routes (911 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

172.27.0.0/16 *[Aggregate/130] 11:08:59


Reject
The output reveals the problem with the routes received from R1. The next-hop-self policy is not
configured on R1.
lab@R3> show route protocol bgp terse | match "(/2[5-9])|(/3[0-2])"
* ? 150.150.13.0/25 B 170 100 2087403078 I

lab@R3> show route 150.150.13/25 detail

inet.0: 911 destinations, 951 routes (911 active, 0 holddown, 0 hidden)


150.150.13.0/25 (1 entry, 1 announced)
*BGP Preference: 170/-101
Next hop type: Router, Next hop index: 595
Address: 0x9288c3c
Next-hop reference count: 72
Source: 172.27.0.62
Next hop: 172.27.0.62 via ge-0/0/5.0, selected
Session Id: 0x1
State: <Active Ext>
Local AS: 3895077211 Peer AS: 2087403078
Age: 28:32

Lab 7–34 • BGP Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
Validation State: unverified
Task: BGP_2087403078.172.27.0.62+179
Announcement bits (3): 0-KRT 5-BGP_RT_Background 6-Resolve tree 2
AS path: 2087403078 I
Accepted
Localpref: 100
Router ID: 150.150.0.1
The output reveals that a route with a mask longer than /24 is in the routing table. This output
confirms that the policy that must filter these routes is either not configured or configured
incorrectly.
lab@R3> show route hidden

inet.0: 911 destinations, 951 routes (911 active, 0 holddown, 0 hidden)

inet.3: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)

iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

mpls.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)

inet6.0: 40 destinations, 44 routes (40 active, 0 holddown, 0 hidden)

inet6.3: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)

lab@R3> show route resolution unresolved


Tree Index 1
Tree Index 2
Tree Index 3
No hidden or unresolved routes exist.
• R4:
[edit]
lab@R4# exit
Exiting configuration mode

lab@R4> show route 202.202/24

inet.0: 910 destinations, 950 routes (910 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

202.202.0.0/24 *[BGP/170] 00:31:08, localpref 100, from 172.27.255.3


AS path: 2087403078 65512 I, validation-state: unverified
> to 172.27.0.17 via ge-0/0/5.0
[BGP/170] 00:31:15, localpref 100, from 172.27.255.1
AS path: 2087403078 65512 I, validation-state: unverified
to Reject
[BGP/170] 00:31:15, localpref 100, from 172.27.255.5
AS path: 65512 65512 I, validation-state: unverified
> to 172.27.0.22 via ge-0/0/4.0

lab@R4> show route 150.150/24

inet.0: 910 destinations, 950 routes (910 active, 0 holddown, 0 hidden)

www.juniper.net BGP Troubleshooting • Lab 7–35


JNCIE Service Provider Bootcamp
+ = Active Route, - = Last Active, * = Both

150.150.0.0/24 *[BGP/170] 00:32:13, localpref 100, from 172.27.255.3


AS path: 2087403078 I, validation-state: unverified
> to 172.27.0.17 via ge-0/0/5.0
[BGP/170] 00:32:20, localpref 100, from 172.27.255.1
AS path: 2087403078 I, validation-state: unverified
to Reject

lab@R4> show route 35/8

inet.0: 910 destinations, 950 routes (910 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

35.0.0.0/8 *[BGP/170] 00:34:12, localpref 100, from 172.27.255.1


AS path: 1342930876 8918 237 I, validation-state: unverified
to Reject

lab@R4> show route 111.111.1/24

inet.0: 909 destinations, 949 routes (64 active, 0 holddown, 878 hidden)
+ = Active Route, - = Last Active, * = Both

111.111.1.0/24 *[BGP/170] 00:34:32, localpref 100, from 172.27.255.2


AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.5 via ge-0/0/1.0
[BGP/170] 00:34:32, localpref 100, from 172.27.255.1
AS path: 1342930876 I, validation-state: unverified
to Reject
The output shows that all the sample routes are active and reachable, except for the 35/8,
which shows a Reject next hop. Note that all the routes that are received from R1 (172.27.255.1)
and show Reject next hop. C2 route 202.202.0.0/24 is preferred from R3 router with the AS
path 2087403078 65512 that is incorrect. The policy that should ensure that customer routes
are always preferred is not configured or incorrectly configured on R5.
lab@R4> show route 35/8 detail

inet.0: 910 destinations, 950 routes (910 active, 0 holddown, 0 hidden)


35.0.0.0/8 (1 entry, 1 announced)
*BGP Preference: 170/-101
Next hop type: Indirect
Address: 0x94f0698
Next-hop reference count: 2545
Source: 172.27.255.1
Next hop type: Reject
Protocol next hop: 172.27.0.34
Indirect next hop: 94700ec 262142 INH Session ID: 0x6
State: <Active Int Ext>
Local AS: 3895077211 Peer AS: 3895077211
Age: 38:16 Metric2: 0
Validation State: unverified
Task: BGP_3895077211.172.27.255.1+49357
Announcement bits (3): 0-KRT 5-BGP_RT_Background 6-Resolve tree 2
AS path: 1342930876 8918 237 I
Lab 7–36 • BGP Troubleshooting www.juniper.net
JNCIE Service Provider Bootcamp
Accepted
Localpref: 100
Router ID: 172.27.255.1

lab@R4> show route receive-protocol bgp 172.27.255.1

inet.0: 910 destinations, 950 routes (910 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 6.1.0.0/16 172.27.0.34 100 1342930876 8918
668 1455 I
* 6.2.0.0/22 172.27.0.34 100 1342930876 8918
668 1455 I
* 6.3.0.0/18 172.27.0.34 100 1342930876 8918
668 1455 I
...

lab@R4> show route 172.27.0.34

inet.0: 910 destinations, 950 routes (910 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

172.27.0.0/16 *[Aggregate/130] 00:07:42


Reject

...

lab@R4> show route resolution unresolved


Tree Index 1
Tree Index 2
Tree Index 3
...
No hidden or unresolved routes exist.
• R5:
[edit]
lab@R5# exit
Exiting configuration mode

lab@R5> show route 202.202/24

inet.0: 904 destinations, 1801 routes (904 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

202.202.0.0/24 *[BGP/170] 01:58:59, localpref 100, from 202.202.0.1


AS path: 65512 65512 I, validation-state: unverified
> to 172.27.0.50 via ge-0/0/4.0
to 172.27.0.74 via ge-0/0/5.0
[BGP/170] 00:41:13, localpref 100, from 172.27.255.3
AS path: 2087403078 65512 I, validation-state: unverified
> to 172.27.0.26 via ge-0/0/1.0
to 172.27.0.21 via ge-0/0/2.0
[BGP/170] 00:22:46, localpref 100, from 172.27.255.4
AS path: 2087403078 65512 I, validation-state: unverified

www.juniper.net BGP Troubleshooting • Lab 7–37


JNCIE Service Provider Bootcamp
> to 172.27.0.26 via ge-0/0/1.0
to 172.27.0.21 via ge-0/0/2.0
202.202.0.1/32 *[Static/5] 03:52:21
to 172.27.0.50 via ge-0/0/4.0
> to 172.27.0.74 via ge-0/0/5.0

lab@R5> show route 150.150/24

inet.0: 904 destinations, 1801 routes (904 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

150.150.0.0/24 *[BGP/170] 00:41:53, localpref 100, from 172.27.255.3


AS path: 2087403078 I, validation-state: unverified
> to 172.27.0.26 via ge-0/0/1.0
to 172.27.0.21 via ge-0/0/2.0
[BGP/170] 00:23:26, localpref 100, from 172.27.255.4
AS path: 2087403078 I, validation-state: unverified
> to 172.27.0.26 via ge-0/0/1.0
to 172.27.0.21 via ge-0/0/2.0

lab@R5> show route 35/8

inet.0: 904 destinations, 1801 routes (904 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

35.0.0.0/8 *[BGP/170] 00:42:29, localpref 100, from 172.27.255.3


AS path: 1342930876 8918 237 I, validation-state: unverified
> to 172.27.0.26 via ge-0/0/1.0
to 172.27.0.21 via ge-0/0/2.0
[BGP/170] 00:11:21, localpref 100, from 172.27.255.4
AS path: 1342930876 8918 237 I, validation-state: unverified
> to 172.27.0.26 via ge-0/0/1.0
to 172.27.0.21 via ge-0/0/2.0

lab@R5> show route 111.111.1/24

inet.0: 904 destinations, 1801 routes (904 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

111.111.1.0/24 *[BGP/170] 00:43:34, localpref 100, from 172.27.255.3


AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.26 via ge-0/0/1.0
to 172.27.0.21 via ge-0/0/2.0
[BGP/170] 00:25:07, localpref 100, from 172.27.255.4
AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.26 via ge-0/0/1.0
to 172.27.0.21 via ge-0/0/2.0
The output shows that all sample routes are active and reachable. The route in question though,
is 35/8.
lab@R5> show route 35/8 detail

show route 35/8 detail

Lab 7–38 • BGP Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
inet.0: 904 destinations, 1801 routes (904 active, 0 holddown, 0 hidden)
35.0.0.0/8 (2 entries, 1 announced)
*BGP Preference: 170/-101
Next hop type: Indirect
Address: 0x95d4354
Next-hop reference count: 2535
Source: 172.27.255.3
Next hop type: Router, Next hop index: 262145
Next hop: 172.27.0.26 via ge-0/0/1.0, selected
Session Id: 0x3
Next hop: 172.27.0.21 via ge-0/0/2.0
Session Id: 0x4
Protocol next hop: 172.27.0.34
Indirect next hop: 95741d8 262143 INH Session ID: 0x6
State: <Active Int Ext>
Local AS: 3895077211 Peer AS: 3895077211
Age: 44:02 Metric2: 11
Validation State: unverified
Task: BGP_3895077211.172.27.255.3+179
Announcement bits (3): 0-KRT 5-BGP_RT_Background 6-Resolve tree 2
AS path: 1342930876 8918 237 I (Originator)
Cluster list: 0.0.0.1
Originator ID: 172.27.255.1
Accepted
Localpref: 100
Router ID: 172.27.255.3
BGP Preference: 170/-101
Next hop type: Indirect
Address: 0x95e0140
Next-hop reference count: 890
Source: 172.27.255.4
Next hop type: Router, Next hop index: 262145
Next hop: 172.27.0.26 via ge-0/0/1.0, selected
Session Id: 0x3
Next hop: 172.27.0.21 via ge-0/0/2.0
Session Id: 0x4
Protocol next hop: 172.27.255.4
Indirect next hop: 9527b00 - INH Session ID: 0x8
State: <NotBest Int Ext>
Inactive reason: Not Best in its group - Update source
Local AS: 3895077211 Peer AS: 3895077211
Age: 12:54 Metric2: 11
Validation State: unverified
Task: BGP_3895077211.172.27.255.4+179
AS path: 1342930876 8918 237 I (Originator)
Cluster list: 0.0.0.1
Originator ID: 172.27.255.1
Accepted
Localpref: 100
Router ID: 172.27.255.4

lab@R5> show route 172.27.0.34

inet.0: 904 destinations, 956 routes (904 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

www.juniper.net BGP Troubleshooting • Lab 7–39


JNCIE Service Provider Bootcamp

0.0.0.0/0 *[OSPF/10] 00:44:52, metric 11


> to 172.27.0.26 via ge-0/0/1.0
to 172.27.0.21 via ge-0/0/2.0
The output shows that the route 35/8 is reachable from R5 because it has the 0/0 route in its
routing table.
lab@R5> show route hidden

inet.0: 904 destinations, 956 routes (904 active, 0 holddown, 0 hidden)

iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

mpls.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)

lab@R5> show route resolution unresolved


Tree Index 1
Tree Index 2
No hidden or unresolved routes exist.
TASK 6
All Customer C1 and C3 IPv6 prefixes as well as IPv6 default route
advertised by the Transit provider must be active and reachable on
R1, R2, R3 and R4 routers.
TASK INTERPRETATION
The task is straightforward. The sample routes we use for troubleshooting in this step are the
following:
• C1 - 2008:4498:1::/64
• C3 - 2008:4498:2::/64
• T1 - ::/0
• T2 - ::/0
TASK COMPLETION
• R1:
lab@R1> show route 2008:4498:1::/64

inet6.0: 43 destinations, 80 routes (43 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

2008:4498:1::/64 *[BGP/170] 00:46:05, localpref 100, from 172.27.255.3


AS path: 65422 I, validation-state: unverified
> to 172.27.0.13 via ge-0/0/6.0, Push 2
[BGP/170] 00:27:38, localpref 100, from 172.27.255.4
AS path: 65422 I, validation-state: unverified
> to 172.27.0.9 via ae0.0, Push 2

lab@R1> show route 2008:4498:2::/64

inet6.0: 43 destinations, 80 routes (43 active, 0 holddown, 0 hidden)

Lab 7–40 • BGP Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
+ = Active Route, - = Last Active, * = Both

2008:4498:2::/64 *[BGP/170] 00:46:24, localpref 100, from 172.27.255.4


AS path: 65432 I, validation-state: unverified
> to 172.27.0.9 via ae0.0, Push 2
[BGP/170] 00:46:17, localpref 100, from 172.27.255.3
AS path: 65432 I, validation-state: unverified
> to 172.27.0.9 via ae0.0, Push 2

lab@R1> show route ::/0 exact

inet6.0: 43 destinations, 80 routes (43 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

::/0 *[BGP/170] 01:56:35, localpref 100, from 172.27.0.34


AS path: 1342930876 I, validation-state: unverified
> to ::172.27.0.34 via ge-0/0/2.0
All sample routes are active and reachable.
• R2:
lab@R2> show route 2008:4498:1::/64

inet6.0: 45 destinations, 85 routes (45 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

2008:4498:1::/64 *[BGP/170] 00:28:59, localpref 100, from 172.27.255.4


AS path: 65422 I, validation-state: unverified
> to 172.27.0.6 via ge-0/0/4.0, Push 2
[BGP/170] 00:47:26, localpref 100, from 172.27.255.3
AS path: 65422 I, validation-state: unverified
> to 172.27.0.1 via ge-0/0/1.0, Push 2, Push 299856(top)
to 172.27.0.6 via ge-0/0/4.0, Push 2, Push 299808(top)

lab@R2> show route 2008:4498:2::/64

inet6.0: 45 destinations, 85 routes (45 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

2008:4498:2::/64 *[BGP/170] 00:47:45, localpref 100, from 172.27.255.4


AS path: 65432 I, validation-state: unverified
> to 172.27.0.6 via ge-0/0/4.0, Push 2
[BGP/170] 00:47:38, localpref 100, from 172.27.255.3
AS path: 65432 I, validation-state: unverified
> to 172.27.0.6 via ge-0/0/4.0, Push 2

lab@R2> show route ::/0 exact

inet6.0: 45 destinations, 85 routes (45 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

inet6.0: 45 destinations, 85 routes (45 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

www.juniper.net BGP Troubleshooting • Lab 7–41


JNCIE Service Provider Bootcamp
::/0 *[BGP/170] 02:24:13, localpref 100, from 172.27.0.66
AS path: 1342930876 I, validation-state: unverified
to ::172.27.0.38 via ge-0/0/2.0
> to ::172.27.0.66 via ge-0/0/3.0
[BGP/170] 02:24:09, localpref 100, from 172.27.0.38
AS path: 1342930876 I, validation-state: unverified
> to ::172.27.0.38 via ge-0/0/2.0
[BGP/170] 00:48:19, localpref 100, from 172.27.255.3
AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.1 via ge-0/0/1.0, Push 2
[BGP/170] 00:29:53, localpref 100, from 172.27.255.4
AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.6 via ge-0/0/4.0, Push 2
All sample routes are active and reachable.
• R3:
lab@R3> show route 2008:4498:1::/64

inet6.0: 41 destinations, 45 routes (41 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

2008:4498:1::/64 *[BGP/170] 00:49:05, localpref 100


AS path: 65422 I, validation-state: unverified
> to 2008:4498::2 via ge-0/0/4.0

lab@R3> show route 2008:4498:2::/64

inet6.0: 41 destinations, 45 routes (41 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

2008:4498:2::/64 *[BGP/170] 00:48:59, localpref 100, from 172.27.255.4


AS path: 65432 I, validation-state: unverified
> to 172.27.0.18 via ge-0/0/2.0, Push 2

lab@R3> show route ::/0 exact

inet6.0: 41 destinations, 45 routes (41 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

::/0 *[BGP/170] 00:49:54, localpref 100, from 172.27.255.1


AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.14 via ge-0/0/1.0, Push 2
[BGP/170] 00:49:54, localpref 100, from 172.27.255.2
AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.14 via ge-0/0/1.0, Push 2, Push 299808(top)
to 172.27.0.18 via ge-0/0/2.0, Push 2, Push 299776(top)
All sample routes are active and reachable.
• R4:
lab@R4> show route 2008:4498:1::/64

inet6.0: 42 destinations, 47 routes (42 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

Lab 7–42 • BGP Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
2008:4498:1::/64 *[BGP/170] 00:50:27, localpref 100, from 172.27.255.3
AS path: 65422 I, validation-state: unverified
> to 172.27.0.17 via ge-0/0/5.0, Push 2

lab@R4> show route 2008:4498:2::/64

inet6.0: 42 destinations, 47 routes (42 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

2008:4498:2::/64 *[BGP/170] 00:51:06, localpref 100


AS path: 65432 I, validation-state: unverified
> to 2008:4498:0:1::2 via ge-0/0/2.0

lab@R4> show route ::/0 exact

inet6.0: 42 destinations, 47 routes (42 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

::/0 *[BGP/170] 00:51:19, localpref 100, from 172.27.255.1


AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.10 via ae0.0, Push 2
[BGP/170] 00:51:19, localpref 100, from 172.27.255.2
AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.5 via ge-0/0/1.0, Push 2
All sample routes are active and reachable.
TASK 7
Troubleshoot the implemented policies and ensure that they operate
as expected.
TASK INTERPRETATION
In the initial lab setup, four sets of policies are implemented:
• Policies implemented at R1, R2, R3, and R5 routers that should advertise a summary
route representing local AS IPv4 range to the Peer (P), Transit provider (T1 and T2),
and the C2 Customer.
• Policies implemented at R1 and R2 routers that should advertise only a summary
route representing local AS IPv6 range to the Transit provider and block all other IPv6
routes.
• Policies implemented at R1, R2, and R3 routers that should not accept IPv4 routes
with a mask shorter than /8 or longer than /24 from the Peer (P) and Transit provider.
• A policy implemented at R5 that should prefer routes received from C2 Customer
directly to the same prefix learned from either a Peer (P) or a Transit provider.
Ensure that the policies operate correctly.
TASK COMPLETION
• R1:
First, fix the problems discovered at the previous steps in this part.

www.juniper.net BGP Troubleshooting • Lab 7–43


JNCIE Service Provider Bootcamp
lab@R1> configure
Entering configuration mode

[edit]
lab@R1# set policy-options policy-statement NHS term 1 from protocol bgp

[edit]
lab@R1# set policy-options policy-statement NHS term 1 from route-type external

[edit]
lab@R1# set policy-options policy-statement NHS term 1 then next-hop self

[edit]
lab@R1# set protocols bgp group IBGP export NHS

[edit]
lab@R1# commit
commit complete

[edit]
lab@R1# run show route advertising-protocol bgp 172.27.255.3 35/8

inet.0: 918 destinations, 954 routes (913 active, 0 holddown, 6 hidden)


Prefix Nexthop MED Lclpref AS path
* 35.0.0.0/8 Self 100 1342930876 8918 237 I

[edit]
lab@R1# run show route advertising-protocol bgp 172.27.255.4 35/8

inet.0: 918 destinations, 954 routes (913 active, 0 holddown, 6 hidden)


Prefix Nexthop MED Lclpref AS path
* 35.0.0.0/8 Self 100 1342930876 8918 237 I
The output shows that the problem with next-hop-self policy is fixed.
[edit]
lab@R1# run show route advertising-protocol bgp 172.27.0.30 172.27/16

inet.0: 918 destinations, 954 routes (913 active, 0 holddown, 6 hidden)


Prefix Nexthop MED Lclpref AS path
* 172.27.0.0/16 Self I

[edit]
lab@R1# run show route advertising-protocol bgp 172.27.0.34 172.27/16

inet.0: 918 destinations, 954 routes (913 active, 0 holddown, 6 hidden)


Prefix Nexthop MED Lclpref AS path
* 172.27.0.0/16 Self I
The output shows that the local IPv4 range 172.16.0.0/16 is advertised to EBGP peers.
[edit]
lab@R1# run show route advertising-protocol bgp 172.27.0.34 table inet6.0

inet6.0: 41 destinations, 76 routes (41 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 2008:4498::/32 Self {65422 65432} I

Lab 7–44 • BGP Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
* 2008:4498:1::/64 Self 65422 I
* 2008:4498:1:1::/64 Self 65422 I
* 2008:4498:1:2::/64 Self 65422 I
* 2008:4498:1:3::/64 Self 65422 I
* 2008:4498:1:4::/64 Self 65422 I
* 2008:4498:1:5::/64 Self 65422 I
* 2008:4498:1:6::/64 Self 65422 I
* 2008:4498:1:7::/64 Self 65422 I
* 2008:4498:1:8::/64 Self 65422 I
* 2008:4498:1:9::/64 Self 65422 I
* 2008:4498:1:a::/64 Self 65422 I
* 2008:4498:1:b::/64 Self 65422 I
* 2008:4498:1:c::/64 Self 65422 I
* 2008:4498:1:d::/64 Self 65422 I
* 2008:4498:1:e::/64 Self 65422 I
* 2008:4498:1:f::/64 Self 65422 I
* 2008:4498:2::/64 Self 65432 I
* 2008:4498:2:1::/64 Self 65432 I
* 2008:4498:2:2::/64 Self 65432 I
* 2008:4498:2:3::/64 Self 65432 I
* 2008:4498:2:4::/64 Self 65432 I
* 2008:4498:2:5::/64 Self 65432 I
* 2008:4498:2:6::/64 Self 65432 I
* 2008:4498:2:7::/64 Self 65432 I
* 2008:4498:2:8::/64 Self 65432 I
* 2008:4498:2:9::/64 Self 65432 I
* 2008:4498:2:a::/64 Self 65432 I
* 2008:4498:2:b::/64 Self 65432 I
* 2008:4498:2:c::/64 Self 65432 I
* 2008:4498:2:d::/64 Self 65432 I
* 2008:4498:2:e::/64 Self 65432 I
* 2008:4498:2:f::/64 Self 65432 I
The output shows that export policy incorrectly advertises number of specific IPv6 routes in
addition to the local IPv6 range 2008:4498::/32.
[edit]
lab@R1# show policy-options policy-statement to-T1
term 1 {
from {
protocol aggregate;
route-filter 172.27.0.0/16 exact;
}
then accept;
}
term 2 {
from {
protocol aggregate;
rib inet6.0;
route-filter 2008:4498::/32 exact;
}
then accept;
}

[edit]
lab@R1# set policy-options policy-statement to-T1 term 3 from rib inet6.0

www.juniper.net BGP Troubleshooting • Lab 7–45


JNCIE Service Provider Bootcamp

[edit]
lab@R1# set policy-options policy-statement to-T1 term 3 from route-filter
2008:4498::/32 longer

[edit]
lab@R1# set policy-options policy-statement to-T1 term 3 then reject

[edit]
lab@R1# commit
commit complete

[edit]
lab@R1# run show route advertising-protocol bgp 172.27.0.34 table inet6.0

inet6.0: 41 destinations, 76 routes (41 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 2008:4498::/32 Self {65422 65432} I
The output shows that the problem with IPv6 export policy is fixed. First fix the problems
discovered at the previous steps in this part.
• R2:
lab@R2> configure
Entering configuration mode

[edit]
lab@R2# show policy-options policy-statement from-T1
term 1 {
from {
as-path AS1342930876;
route-filter 0.0.0.0/0 prefix-length-range /8-/24;
}
to rib inet.0;
then accept;
}
term 2 {
to rib inet6.0;
then accept;
}
term 3 {
then reject;
}

[edit]
lab@R2# show policy-options policy-statement from-T2
term 1 {
from {
as-path AS1342930876;
route-filter 0.0.0.0/0 prefix-length-range /8-/24;
}
to rib inet.0;
then accept;
}
term 2 {

Lab 7–46 • BGP Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
to rib inet6.0;
then accept;
}
term 3 {
then reject;
}

[edit]
lab@R2# delete policy-options policy-statement from-T1 term 1 from as-path

[edit]
lab@R2# delete policy-options policy-statement from-T2 term 1 from as-path

[edit]
lab@R2# commit
commit complete

[edit]
lab@R2# run show route hidden terse

inet.0: 917 destinations, 3501 routes (912 active, 0 holddown, 10 hidden)


+ = Active Route, - = Last Active, * = Both

A V Destination P Prf Metric 1 Metric 2 Next hop AS path


? 12.16.126.192/26 B 100 1342930876 8918
10578 14325 ?
unverified >172.27.0.38
? B 100 1342930876 8918
10578 14325 ?
unverified >172.27.0.66
? 65.114.168.192/26 B 100 1342930876 8918
10886 7082 I
unverified >172.27.0.38
? B 100 1342930876 8918
10886 7082 I
unverified >172.27.0.66
? 65.115.176.32/27 B 100 1342930876 8918
10764 20080 3681 4511 4511 4511 I
unverified >172.27.0.38
? B 100 1342930876 8918
10764 20080 3681 4511 4511 4511 I
unverified >172.27.0.66
? 65.127.62.0/27 B 100 1342930876 8918
14048 16989 I
unverified >172.27.0.38
? B 100 1342930876 8918
14048 16989 I
unverified >172.27.0.66
? 129.238.116.0/27 B 100 1342930876 8918
668 I
unverified >172.27.0.38
? B 100 1342930876 8918
668 I
unverified >172.27.0.66

www.juniper.net BGP Troubleshooting • Lab 7–47


JNCIE Service Provider Bootcamp
inet.3: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)

iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

mpls.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)

inet6.0: 45 destinations, 85 routes (45 active, 0 holddown, 0 hidden)

inet6.3: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)

inet6.3: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)

[edit]
lab@R2# run show route advertising-protocol bgp 172.27.255.3 35/8

inet.0: 917 destinations, 3501 routes (912 active, 0 holddown, 10 hidden)


Prefix Nexthop MED Lclpref AS path
* 35.0.0.0/8 Self 100 1342930876 8918 237 I

[edit]
lab@R2# run show route advertising-protocol bgp 172.27.255.4 35/8

inet.0: 917 destinations, 3501 routes (912 active, 0 holddown, 10 hidden)


Prefix Nexthop MED Lclpref AS path
* 35.0.0.0/8 Self 100 1342930876 8918 237 I
The output shows that the problem with EBGP import policy is fixed.
[edit]
lab@R2# run show route advertising-protocol bgp 172.27.0.66 172.27/16

inet.0: 917 destinations, 3501 routes (912 active, 0 holddown, 10 hidden)


Prefix Nexthop MED Lclpref AS path
* 172.27.0.0/16 Self I

[edit]
lab@R2# run show route advertising-protocol bgp 172.27.0.38 172.27/16

inet.0: 917 destinations, 3501 routes (912 active, 0 holddown, 10 hidden)


Prefix Nexthop MED Lclpref AS path
* 172.27.0.0/16 Self I
The output shows that the local IPv4 range 172.16.0.0/16 is advertised to EBGP peers.
[edit]
lab@R2# run show route advertising-protocol bgp 172.27.0.66 table inet6.0

inet6.0: 43 destinations, 81 routes (43 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 2008:4498::/32 Self {65422 65432} I

[edit]
lab@R2# run show route advertising-protocol bgp 172.27.0.38 table inet6.0

inet6.0: 43 destinations, 81 routes (43 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 2008:4498::/32 Self {65422 65432} I

Lab 7–48 • BGP Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
The output shows that the local IPv6 range 2008:4498::/32 is advertised to EBGP peers. First
fix the problems discovered at the previous steps in this part.
• R3:
lab@R3> show route 35/8

inet.0: 911 destinations, 1796 routes (911 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

35.0.0.0/8 *[BGP/170] 00:08:20, localpref 100, from 172.27.255.1


AS path: 1342930876 8918 237 I, validation-state: unverified
> to 172.27.0.14 via ge-0/0/1.0
[BGP/170] 00:04:28, localpref 100, from 172.27.255.2
AS path: 1342930876 8918 237 I, validation-state: unverified
> to 172.27.0.14 via ge-0/0/1.0
to 172.27.0.18 via ge-0/0/2.0

lab@R3> show route 111.111.1/24

inet.0: 911 destinations, 1796 routes (911 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

111.111.1.0/24 *[BGP/170] 00:08:49, localpref 100, from 172.27.255.1


AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.14 via ge-0/0/1.0
[BGP/170] 01:01:24, localpref 100, from 172.27.255.2
AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.14 via ge-0/0/1.0
to 172.27.0.18 via ge-0/0/2.0
The output shows that the problem with the routes 35/8 and 111.111.1/24 indirect next hop is
now fixed.
lab@R3> configure
Entering configuration mode

[edit]
lab@R3# show protocols bgp group P
type external;
export to-P;
peer-as 2087403078;
neighbor 172.27.0.62;

[edit]
lab@R3# set policy-options policy-statement from-P term 1 from protocol bgp

[edit]
lab@R3# set policy-options policy-statement from-P term 1 from route-filter
0.0.0.0/0 prefix-length-range /8-/24

[edit]
lab@R3# set policy-options policy-statement from-P term 1 then accept

[edit]
lab@R3# set policy-options policy-statement from-P term 2 then reject

www.juniper.net BGP Troubleshooting • Lab 7–49


JNCIE Service Provider Bootcamp
[edit]
lab@R3# show policy-options policy-statement from-P
term 1 {
from {
protocol bgp;
route-filter 0.0.0.0/0 prefix-length-range /8-/24;
}
then accept;
}
term 2 {
then reject;
}

[edit]
lab@R3# set protocols bgp group P import from-P

[edit]
lab@R3# commit
commit complete

[edit]
lab@R3# run show route protocol bgp terse | match "(/2[5-9])|(/3[0-2])"

[edit]
lab@R3# run show route hidden

inet.0: 911 destinations, 1796 routes (910 active, 0 holddown, 1 hidden)


+ = Active Route, - = Last Active, * = Both

150.150.13.0/25 [BGP ] 01:03:27, localpref 100


AS path: 2087403078 I, validation-state: unverified
> to 172.27.0.62 via ge-0/0/5.0

inet.3: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)

iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

mpls.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)

inet6.0: 40 destinations, 44 routes (40 active, 0 holddown, 0 hidden)

inet6.3: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)


The output shows that the problem with EBGP import policy is fixed.
[edit]
lab@R3# run show route advertising-protocol bgp 172.27.0.62 172.27/16

inet.0: 911 destinations, 1796 routes (910 active, 0 holddown, 1 hidden)


Prefix Nexthop MED Lclpref AS path
* 172.27.0.0/16 Self I
The output shows that the local IPv4 range 172.16.0.0/16 is advertised to EBGP peers. First fix
the problems discovered at the previous steps in this part.
• R4:

Lab 7–50 • BGP Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
lab@R4> show route 35/8

inet.0: 909 destinations, 1794 routes (909 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

35.0.0.0/8 *[BGP/170] 00:16:25, localpref 100, from 172.27.255.1


AS path: 1342930876 8918 237 I, validation-state: unverified
> to 172.27.0.10 via ae0.0
[BGP/170] 00:12:34, localpref 100, from 172.27.255.2
AS path: 1342930876 8918 237 I, validation-state: unverified
> to 172.27.0.5 via ge-0/0/1.0

lab@R4> show route 111.111.1/24

inet.0: 909 destinations, 1794 routes (909 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

111.111.1.0/24 *[BGP/170] 00:24:55, localpref 100, from 172.27.255.1


AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.10 via ae0.0
[BGP/170] 01:17:21, localpref 100, from 172.27.255.2
AS path: 1342930876 I, validation-state: unverified
> to 172.27.0.5 via ge-0/0/1.0
The output shows that the problem with the routes 35/8 and 111.111.1/24 reachability through
both R1 and R2 is now fixed. First fix the problems discovered at the previous steps in this part.
• R5:
lab@R5> configure
Entering configuration mode

[edit]
lab@R5# run show route advertising-protocol bgp 172.27.255.3 202.202/24

inet.0: 903 destinations, 1799 routes (903 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 202.202.0.0/24 Self 100 65512 65512 I

[edit]
lab@R5# run show route advertising-protocol bgp 172.27.255.4 202.202/24

inet.0: 903 destinations, 1799 routes (903 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 202.202.0.0/24 Self 100 65512 65512 I
The output shows that local preference is not set to a higher value to make other routers in your
AS prefer C2 customer routes received directly from the customer.
[edit]
lab@R5# show protocols bgp group C2
type external;
traceoptions {
file bgp-trace.log;
flag all detail;
}
multihop;

www.juniper.net BGP Troubleshooting • Lab 7–51


JNCIE Service Provider Bootcamp
local-address 172.27.255.5;
export to-C2;
peer-as 65512;
neighbor 202.202.0.1;

[edit]
lab@R5# set policy-options policy-statement from-C2 term 1 then local-preference
200

[edit]
lab@R5# show policy-options policy-statement from-C2
term 1 {
then {
local-preference 200;
}
}

[edit]
lab@R5# set protocols bgp group C2 import from-C2

[edit]
lab@R5# commit
commit complete

[edit]
lab@R5# run show route advertising-protocol bgp 172.27.255.3 202.202/24

inet.0: 903 destinations, 1785 routes (903 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 202.202.0.0/24 Self 200 65512 65512 I

[edit]
lab@R5# run show route advertising-protocol bgp 172.27.255.4 202.202/24

inet.0: 903 destinations, 1785 routes (903 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 202.202.0.0/24 Self 200 65512 65512 I
The output shows that the problem with policy setting BGP local preference is fixed.
[edit]
lab@R5# run show route advertising-protocol bgp 202.202.0.1 172.27/16
The output shows that the local IPv4 range 172.27.0.0/16 is not advertised. To solve the
problem, you must get the route 172.27.0.0/16 from either static or dynamic routing protocol.
The static route is not allowed. You cannot configure an aggregate route because it will lead to
dropping the IBGP sessions. You cannot use OSPF or LDP because R5 is in the totally stubby
area. The only remaining option is to deliver the route using BGP. Note that the following
configuration is applied on R3 and R4 routers.
• R3:
[edit]
lab@R3# set policy-options policy-statement LOCAL-RANGE term 1 from protocol
aggregate

Lab 7–52 • BGP Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
[edit]
lab@R3# set policy-options policy-statement LOCAL-RANGE term 1 from route-filter
172.27.0.0/16 exact

[edit]
lab@R3# set policy-options policy-statement LOCAL-RANGE term 1 then next-hop
172.27.0.26

[edit]
lab@R3# set policy-options policy-statement LOCAL-RANGE term 1 then accept

[edit]
lab@R3# show policy-options policy-statement LOCAL-RANGE
term 1 {
from {
protocol aggregate;
route-filter 172.27.0.0/16 exact;
}
then {
next-hop 172.27.0.26;
accept;
}
}

[edit]
lab@R3# set protocols bgp group Clients neighbor 172.27.255.5 export NHS

[edit]
lab@R3# set protocols bgp group Clients neighbor 172.27.255.5 export LOCAL-RANGE

[edit]
lab@R3# show protocols bgp group Clients
type internal;
local-address 172.27.255.3;
family inet {
unicast;
}
family inet6 {
labeled-unicast {
explicit-null;
}
}
authentication-key "$9$H.fz9A0hSe36SevW-dk.P"; ## SECRET-DATA
export [ NHS IPv6-DIRECT ];
cluster 0.0.0.1;
neighbor 172.27.255.1;
neighbor 172.27.255.2;
neighbor 172.27.255.5 {
export [ NHS LOCAL-RANGE ];
}
neighbor 172.27.255.4;

[edit]
lab@R3# commit
commit complete

www.juniper.net BGP Troubleshooting • Lab 7–53


JNCIE Service Provider Bootcamp

[edit]
lab@R3# run show route advertising-protocol bgp 172.27.255.5 172.27/16

inet.0: 911 destinations, 1789 routes (910 active, 0 holddown, 1 hidden)


Prefix Nexthop MED Lclpref AS path
* 172.27.0.0/16 172.27.0.26 100 I

• R4:
lab@R4> configure
Entering configuration mode

[edit]
lab@R4# set policy-options policy-statement LOCAL-RANGE term 1 from protocol
aggregate

[edit]
lab@R4# set policy-options policy-statement LOCAL-RANGE term 1 from route-filter
172.27.0.0/16 exact

[edit]
lab@R4# set policy-options policy-statement LOCAL-RANGE term 1 then next-hop
172.27.0.21

[edit]
lab@R4# set policy-options policy-statement LOCAL-RANGE term 1 then accept

[edit]
lab@R4# show policy-options policy-statement LOCAL-RANGE
term 1 {
from {
protocol aggregate;
route-filter 172.27.0.0/16 exact;
}
then {
next-hop 172.27.0.21;
accept;
}
}

[edit]
lab@R4# set protocols bgp group Clients neighbor 172.27.255.5 export NHS

[edit]
lab@R4# set protocols bgp group Clients neighbor 172.27.255.5 export LOCAL-RANGE

[edit]
lab@R4# show protocols bgp group Clients
type internal;
local-address 172.27.255.4;
family inet {
unicast;
}
family inet6 {

Lab 7–54 • BGP Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
labeled-unicast {
explicit-null;
}
}
authentication-key "$9$R01crvxNboJDWLJDikTQEcy"; ## SECRET-DATA
export [ NHS IPv6-DIRECT ];
cluster 0.0.0.1;
neighbor 172.27.255.1;
neighbor 172.27.255.2;
neighbor 172.27.255.5 {
export [ NHS LOCAL-RANGE ];
}
neighbor 172.27.255.3;

[edit]
lab@R4# commit
commit complete

[edit]
lab@R4# run show route advertising-protocol bgp 172.27.255.5 172.27/16

inet.0: 909 destinations, 1780 routes (909 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 172.27.0.0/16 172.27.0.21 100 I
R3 and R4 now advertise the 172.27.0.0/16 route to R5 using BGP next hops that R5 can
resolve.
• R5:
[edit]
lab@R5# run show route advertising-protocol bgp 202.202.0.1 172.27/16

inet.0: 904 destinations, 1787 routes (904 active, 0 holddown, 0 hidden)


Prefix Nexthop MED Lclpref AS path
* 172.27.0.0/16 Self I
TASK 8
Ensure there are no suboptimal paths taken for all routes.
TASK INTERPRETATION
An incorrectly implemented BGP policy can influence the path traffic normally takes using IGP
shortest path. Ensure that traffic follows the IGP shortest path for all the external BGP-learned
destinations.
TASK COMPLETION
• R1:
[edit]
lab@R1# exit
Exiting configuration mode

lab@R1> traceroute 202.202.0.1


traceroute to 202.202.0.1 (202.202.0.1), 30 hops max, 40 byte packets
1 172.27.0.9 (172.27.0.9) 7.941 ms 7.115 ms 7.884 ms

www.juniper.net BGP Troubleshooting • Lab 7–55


JNCIE Service Provider Bootcamp
2 172.27.0.22 (172.27.0.22) 7.920 ms 7.328 ms 6.646 ms
3 202.202.0.1 (202.202.0.1) 6.958 ms 9.708 ms 6.701 ms

lab@R1> traceroute 150.150.0.1


traceroute to 150.150.0.1 (150.150.0.1), 30 hops max, 40 byte packets
1 150.150.0.1 (150.150.0.1) 7.418 ms 5.056 ms 7.913 ms

lab@R1> traceroute 111.111.0.1


traceroute to 111.111.0.1 (111.111.0.1), 30 hops max, 40 byte packets
traceroute: sendto: No route to host
1 traceroute: wrote 111.111.0.1 40 chars, ret=-1
^C
lab@R1> traceroute 111.111.1.1
traceroute to 111.111.1.1 (111.111.1.1), 30 hops max, 40 byte packets
1 172.27.0.34 (172.27.0.34) 9.263 ms !N 7.026 ms !N 8.075 ms !N
IPv4 traffic takes optimal paths.
lab@R1> traceroute 2008:4498:1::1
traceroute6 to 2008:4498:1::1 (2008:4498:1::1) from ::172.27.0.33, 64 hops max, 12
byte packets
1 2008:4498::1 (2008:4498::1) 5.323 ms 4.372 ms 5.273 ms
2 2008:4498:1::1 (2008:4498:1::1) 12.372 ms 9.777 ms 10.217 ms

lab@R1> traceroute 2008:4498:2::1


traceroute6 to 2008:4498:2::1 (2008:4498:2::1) from ::172.27.0.33, 64 hops max, 12
byte packets
1 2008:4498:0:1::1 (2008:4498:0:1::1) 5.714 ms 7.332 ms 8.522 ms
2 2008:4498:2::1 (2008:4498:2::1) 6.407 ms 7.720 ms 7.018 ms
IPv6 traffic takes optimal paths.
• R2:
[edit]
lab@R2# exit
Exiting configuration mode

lab@R2> traceroute 202.202.0.1


traceroute to 202.202.0.1 (202.202.0.1), 30 hops max, 40 byte packets
1 172.27.0.6 (172.27.0.6) 7.308 ms 7.584 ms 7.717 ms
2 172.27.0.22 (172.27.0.22) 12.258 ms 11.609 ms 9.427 ms
3 202.202.0.1 (202.202.0.1) 11.055 ms 8.979 ms 10.982 ms

lab@R2> traceroute 150.150.0.1


traceroute to 150.150.0.1 (150.150.0.1), 30 hops max, 40 byte packets
1 172.27.0.6 (172.27.0.6) 7.002 ms 7.082 ms 6.985 ms
2 172.27.0.10 (172.27.0.10) 9.243 ms 7.951 ms 7.211 ms
3 150.150.0.1 (150.150.0.1) 8.744 ms 8.247 ms 7.004 ms

lab@R2> traceroute 111.111.1.1


traceroute to 111.111.1.1 (111.111.1.1), 30 hops max, 40 byte packets
1 172.27.0.66 (172.27.0.66) 6.890 ms !N 7.111 ms !N 6.913 ms !N
The output shows that traffic for 202.202.0.1 and 111.111.1.1 takes optimal paths, but the
traffic going to 150.150.0.1 takes a suboptimal path using R4. This reveals a potential problem
with incorrectly applied policy on R4 that influences traffic paths.

Lab 7–56 • BGP Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
lab@R2> show route 150.150.0.1 detail

inet.0: 916 destinations, 3499 routes (911 active, 0 holddown, 10 hidden)


150.150.0.0/24 (2 entries, 1 announced)
*BGP Preference: 170/-101
Next hop type: Indirect
Address: 0x95848f8
Next-hop reference count: 924
Source: 172.27.255.4
Next hop type: Router, Next hop index: 602
Next hop: 172.27.0.6 via ge-0/0/4.0, selected
Session Id: 0x2
Protocol next hop: 172.27.255.4
Indirect next hop: 95c7928 262147 INH Session ID: 0xc
State: <Active Int Ext>
Local AS: 3895077211 Peer AS: 3895077211
Age: 43:50 Metric2: 1
Validation State: unverified
Task: BGP_3895077211.172.27.255.4+179
Announcement bits (3): 0-KRT 6-BGP_RT_Background 7-Resolve tree 2
AS path: 2087403078 I (Originator)
Cluster list: 0.0.0.1
Originator ID: 172.27.255.1
Accepted
Localpref: 100
Router ID: 172.27.255.4
BGP Preference: 170/-101
Next hop type: Indirect
Address: 0x963c18c
Next-hop reference count: 16
Source: 172.27.255.3
Next hop type: Router, Next hop index: 262143
Next hop: 172.27.0.1 via ge-0/0/1.0, selected
Session Id: 0x1
Next hop: 172.27.0.6 via ge-0/0/4.0
Session Id: 0x2
Protocol next hop: 172.27.255.3
Indirect next hop: 9594000 262142 INH Session ID: 0x6
State: <NotBest Int Ext>
Inactive reason: Not Best in its group - IGP metric
Local AS: 3895077211 Peer AS: 3895077211
Age: 1:36:26 Metric2: 2
Validation State: unverified
Task: BGP_3895077211.172.27.255.3+179
AS path: 2087403078 I
Accepted
Localpref: 100
Router ID: 172.27.255.3
The output shows that BGP next hop for the 150.150.0.0/24 is R4 (172.27.255.4) that confirms
that R4 incorrectly applies the next-hop-self policy.
lab@R2> traceroute 2008:4498:1::1 source ::172.27.0.65
traceroute6 to 2008:4498:1::1 (2008:4498:1::1) from ::172.27.0.65, 64 hops max, 12
byte packets

www.juniper.net BGP Troubleshooting • Lab 7–57


JNCIE Service Provider Bootcamp
1 ::172.27.0.33 (::172.27.0.33) 23.592 ms 2008:4498:0:1::1 (2008:4498:0:1::1)
29.769 ms 29.032 ms
MPLS Label=299808 CoS=0 TTL=1 S=0
MPLS Label=2 CoS=0 TTL=1 S=1
2 2008:4498::1 (2008:4498::1) 29.551 ms 29.352 ms 30.037 ms
3 2008:4498:1::1 (2008:4498:1::1) 39.962 ms 39.399 ms 40.036 ms

lab@R2> traceroute 2008:4498:2::1 source ::172.27.0.65


traceroute6 to 2008:4498:2::1 (2008:4498:2::1) from ::172.27.0.65, 64 hops max, 12
byte packets
1 2008:4498:0:1::1 (2008:4498:0:1::1) 22.916 ms 19.286 ms 19.782 ms
2 2008:4498:2::1 (2008:4498:2::1) 29.967 ms 29.475 ms 31.075 ms

lab@R2> show route 2008:4498:1::1 detail

inet6.0: 45 destinations, 85 routes (45 active, 0 holddown, 2 hidden)


2008:4498:1::/64 (2 entries, 1 announced)
*BGP Preference: 170/-101
Next hop type: Indirect
Address: 0x9587664
Next-hop reference count: 120
Source: 172.27.255.4
Next hop type: Router, Next hop index: 608
Next hop: 172.27.0.6 via ge-0/0/4.0, selected
Label operation: Push 2
Label TTL action: prop-ttl
Session Id: 0x2
Protocol next hop: ::ffff:172.27.255.4
Push 2
Indirect next hop: 9129300 262148 INH Session ID: 0x5
State: <Active Int Ext>
Local AS: 3895077211 Peer AS: 3895077211
Age: 1:12 Metric2: 1
Validation State: unverified
Task: BGP_3895077211.172.27.255.4+179
Announcement bits (3): 0-KRT 1-Aggregate 3-Resolve tree 3
AS path: 65422 I (Originator)
Cluster list: 0.0.0.1
Originator ID: 172.27.255.3
Accepted
Route Label: 2
Localpref: 100
Router ID: 172.27.255.4
BGP Preference: 170/-101
Next hop type: Indirect
Address: 0x963c2bc
Next-hop reference count: 17
Source: 172.27.255.3
Next hop type: Router, Next hop index: 262146
Next hop: 172.27.0.1 via ge-0/0/1.0, selected
Label operation: Push 2, Push 299856(top)
Label TTL action: prop-ttl, prop-ttl(top)
Session Id: 0x1
Next hop: 172.27.0.6 via ge-0/0/4.0
Label operation: Push 2, Push 299808(top)

Lab 7–58 • BGP Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
Label TTL action: prop-ttl, prop-ttl(top)
Session Id: 0x2
Protocol next hop: ::ffff:172.27.255.3
Push 2
Indirect next hop: 9128d00 262144 INH Session ID: 0x8
State: <NotBest Int Ext>
Inactive reason: Not Best in its group - IGP metric
Local AS: 3895077211 Peer AS: 3895077211
Age: 4:34:25 Metric2: 2
Validation State: unverified
Task: BGP_3895077211.172.27.255.3+179
AS path: 65422 I
Accepted
Route Label: 2
Localpref: 100
Router ID: 172.27.255.3

The traceroute shows that IPv6 traffic takes the optimal path, but the detailed output for the
2008:4498:1::/64 prefix shows that BGP next hop is changed by R4 to self.
• R3:
[edit]
lab@R3# exit
Exiting configuration mode

lab@R3> traceroute 202.202.0.1


traceroute to 202.202.0.1 (202.202.0.1), 30 hops max, 40 byte packets
1 172.27.0.25 (172.27.0.25) 7.092 ms 7.606 ms 7.021 ms
2 202.202.0.1 (202.202.0.1) 5.960 ms 6.664 ms 5.875 ms

lab@R3> traceroute 150.150.0.1


traceroute to 150.150.0.1 (150.150.0.1), 30 hops max, 40 byte packets
1 150.150.0.1 (150.150.0.1) 5.860 ms 7.413 ms 4.728 ms

lab@R3> traceroute 111.111.1.1


traceroute to 111.111.1.1 (111.111.1.1), 30 hops max, 40 byte packets
1 172.27.0.14 (172.27.0.14) 6.231 ms 6.136 ms 5.960 ms
2 172.27.0.34 (172.27.0.34) 8.912 ms !N 9.316 ms !N 8.969 ms !N
IPv4 traffic takes optimal paths.
lab@R3> traceroute 2008:4498:1::1
traceroute6 to 2008:4498:1::1 (2008:4498:1::1) from 2008:4498::1, 64 hops max, 12
byte packets
1 2008:4498:1::1 (2008:4498:1::1) 7.815 ms 5.206 ms 7.972 ms

lab@R3> traceroute 2008:4498:2::1


traceroute6 to 2008:4498:2::1 (2008:4498:2::1) from 2008:4498::1, 64 hops max, 12
byte packets
1 2008:4498:0:1::1 (2008:4498:0:1::1) 4.400 ms 4.540 ms 4.817 ms
2 2008:4498:2::1 (2008:4498:2::1) 6.350 ms 9.018 ms 6.724 ms
IPv6 traffic takes optimal paths.

www.juniper.net BGP Troubleshooting • Lab 7–59


JNCIE Service Provider Bootcamp
• R4:
Fix the problem with next-hop-self policy detected at the previous steps. R4 does not need the
next-hop-self policy in this topology because it does not have IPv4 EBGP sessions.
[edit]
lab@R4# delete protocols bgp group Clients export NHS

[edit]
lab@R4# delete protocols bgp group Clients neighbor 172.27.255.5 export NHS

[edit]
lab@R4# delete policy-options policy-statement NHS

[edit]
lab@R4# commit
commit complete

Now check that traffic to 150.150/24 destinations takes the optimal path at R2.
• R2:
lab@R2> traceroute 150.150.0.1
traceroute to 150.150.0.1 (150.150.0.1), 30 hops max, 40 byte packets
1 172.27.0.1 (172.27.0.1) 7.066 ms 6.874 ms 6.904 ms
2 150.150.0.1 (150.150.0.1) 7.875 ms 9.434 ms 9.811 ms
The output shows that the traffic takes the optimal path.
• R4:
[edit]
lab@R4# exit
Exiting configuration mode

lab@R4> traceroute 202.202.0.1


traceroute to 202.202.0.1 (202.202.0.1), 30 hops max, 40 byte packets
1 172.27.0.22 (172.27.0.22) 17.243 ms 7.727 ms 6.908 ms
2 202.202.0.1 (202.202.0.1) 9.240 ms 10.974 ms 8.413 ms

lab@R4> traceroute 150.150.0.1


traceroute to 150.150.0.1 (150.150.0.1), 30 hops max, 40 byte packets
1 172.27.0.10 (172.27.0.10) 7.552 ms 7.983 ms 8.082 ms
2 150.150.0.1 (150.150.0.1) 9.907 ms 6.169 ms 8.160 ms

lab@R4> traceroute 111.111.1.1


traceroute to 111.111.1.1 (111.111.1.1), 30 hops max, 40 byte packets
1 172.27.0.10 (172.27.0.10) 8.302 ms 8.075 ms 7.912 ms
2 172.27.0.34 (172.27.0.34) 8.949 ms !N 12.552 ms !N 10.761 ms !N
IPv4 traffic takes optimal paths.
lab@R4> traceroute 2008:4498:1::1
traceroute6 to 2008:4498:1::1 (2008:4498:1::1) from 2008:4498:0:1::1, 64 hops max,
12 byte packets
1 2008:4498::1 (2008:4498::1) 4.910 ms 6.239 ms 4.957 ms
2 2008:4498:1::1 (2008:4498:1::1) 5.972 ms 7.720 ms 6.687 ms

Lab 7–60 • BGP Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
lab@R4> traceroute 2008:4498:2::1
traceroute6 to 2008:4498:2::1 (2008:4498:2::1) from 2008:4498:0:1::1, 64 hops max,
12 byte packets
1 2008:4498:2::1 (2008:4498:2::1) 5.869 ms 5.742 ms 5.877 ms
IPv6 traffic takes optimal paths.
• R5:
[edit]
lab@R5# exit
Exiting configuration mode

lab@R5> traceroute 202.202.0.1


traceroute to 202.202.0.1 (202.202.0.1), 30 hops max, 40 byte packets
1 202.202.0.1 (202.202.0.1) 6.918 ms 10.114 ms 5.430 ms

lab@R5> traceroute 150.150.0.1


traceroute to 150.150.0.1 (150.150.0.1), 30 hops max, 40 byte packets
1 172.27.0.26 (172.27.0.26) 7.720 ms 8.417 ms 7.820 ms
2 150.150.0.1 (150.150.0.1) 8.933 ms 8.453 ms 7.762 ms

lab@R5> traceroute 111.111.1.1


traceroute to 111.111.1.1 (111.111.1.1), 30 hops max, 40 byte packets
1 172.27.0.26 (172.27.0.26) 8.235 ms 8.188 ms 8.081 ms
2 172.27.0.14 (172.27.0.14) 9.986 ms 9.250 ms 8.999 ms
3 172.27.0.34 (172.27.0.34) 9.911 ms !N 10.905 ms !N 10.814 ms !N
IPv4 traffic takes optimal paths.

STOP Tell your instructor that you have completed this lab.

www.juniper.net BGP Troubleshooting • Lab 7–61


JNCIE Service Provider Bootcamp

Lab 7–62 • BGP Troubleshooting www.juniper.net


Lab
Multicast Implementation and Troubleshooting

Overview
In this lab, you will be given a list of tasks specific to implementing and troubleshooting
multicast which you will need to accomplish within a specific time frame. You will have 1 hour to
complete the simulation.
By completing this lab, you will perform the following tasks:
• Configure all routers to participate in protocol independent multicast (PIM).
• Ensure that R1 and R2 are rendezvous points (RPs) for all groups in the PIM domain.
All routers should use the closest RP. You must use the virtual IP address of
172.27.255.11. The RP configuration must support only IPv4.
• Group 224.2.2.2 is critical for Rec2, and they have requested that the multicast
traffic always use the same path to keep traffic loss to a minimum (except in the
event of a failure). You cannot use policy, and you cannot alter routes in inet.0 to
accomplish this task. One static route can be used if needed to accomplish this task.
• Ensure that joins to source are load-balanced for groups sourced from S1.

www.juniper.net Multicast Implementation and Troubleshooting • Lab 8–1


JNCIE Service Provider Bootcamp

Configuring PIM
In this lab part, you will log in to your assigned routers and ensure that you are running the
correct startup configuration file for this lab. Refer to the network diagram for this lab for
topological and configuration details. You will then configure PIM. You must ensure the RP are
configured within the guidelines defined by the tasks in this lab.
Note
We recommend that you spend some time
investigating the current operation of your
routers. During the exam, you might be
given routers that are operating
inefficiently. Investigating operating issues
now might save you time troubleshooting
strange issues later.

INITIAL TASK
Access the CLI for your routers using either the console, Telnet, or SSH as directed by your
instructor. Refer to the management network diagram for the IP address associated with your
devices. Log in as user lab with the password lab123. Verify OSPF is configured and
neighborships are up, and that only the interfaces connecting the routers have an OSPF
neighborship.
TASK COMPLETION
• R1:
R1 (ttyd0)

login: lab
Password:

--- JUNOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC


lab@R1> show configuration protocols ospf
area 0.0.0.0 {
interface all;
interface ge-0/0/0.0 {
disable;
}
}

lab@R1> show ospf neighbor


Address Interface State ID Pri Dead
172.27.0.9 ae0.0 Full 172.27.255.4 128 37
172.27.0.2 ge-0/0/3.0 Full 172.27.255.2 128 39
172.27.0.13 ge-0/0/6.0 Full 172.27.255.3 128 36

lab@R1>
• R2:
R2 (ttyd0)

login: lab

Lab 8–2 • Multicast Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
Password:

--- JUNOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC


lab@R2> show configuration protocols ospf
area 0.0.0.0 {
interface all;
interface ge-0/0/0.0 {
disable;
}
}

lab@R2> show ospf neighbor


Address Interface State ID Pri Dead
172.27.0.1 ge-0/0/1.0 Full 172.27.255.1 128 32
172.27.0.6 ge-0/0/4.0 Full 172.27.255.4 128 34

lab@R2>
• R3:
R3 (ttyd0)

login: lab
Password:

--- JUNOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC


lab@R3> show configuration protocols ospf
area 0.0.0.0 {
interface all;
interface ge-0/0/0.0 {
disable;
}
}

lab@R3> show ospf neighbor


Address Interface State ID Pri Dead
172.27.0.14 ge-0/0/1.0 Full 172.27.255.1 128 32
172.27.0.18 ge-0/0/2.0 Full 172.27.255.4 128 33
172.27.0.25 ge-0/0/3.0 Full 172.27.255.5 128 36

lab@R3>
• R4:
R4 (ttyd0)

login: lab
Password:

--- JUNOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC


lab@R4> show configuration protocols ospf
area 0.0.0.0 {
interface all;
interface ge-0/0/0.0 {
disable;
}
}

www.juniper.net Multicast Implementation and Troubleshooting • Lab 8–3


JNCIE Service Provider Bootcamp

lab@R4> show ospf neighbor


Address Interface State ID Pri Dead
172.27.0.10 ae0.0 Full 172.27.255.1 128 31
172.27.0.5 ge-0/0/1.0 Full 172.27.255.2 128 38
172.27.0.22 ge-0/0/4.0 Full 172.27.255.5 128 38
172.27.0.17 ge-0/0/5.0 Full 172.27.255.3 128 34

lab@R4>
• R5:
R5 (ttyd0)

login: lab
Password:

--- JUNOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC


lab@R5> show configuration protocols ospf
area 0.0.0.0 {
interface all;
interface ge-0/0/0.0 {
disable;
}
}

lab@R5> show ospf neighbor


Address Interface State ID Pri Dead
172.27.0.26 ge-0/0/1.0 Full 172.27.255.3 128 33
172.27.0.21 ge-0/0/2.0 Full 172.27.255.4 128 36

lab@R5>
TASK 1
Configure all routers to participate in PIM.
Note
We recommend that you include the
configuration steps for the second task
while you are configuring the first task. This
approach will save you some time and
effort as you move through the tasks of this
lab.

TASK 2
Ensure that R1 and R2 are RPs for all groups in the PIM domain. All
routers should use the closest RP. You must use the virtual IP
address of 172.27.255.11. The RP configuration must only be able to
support IPv4.

Lab 8–4 • Multicast Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
TASK INTERPRETATION
The task should be straight forward. Knowing that RPs are needed for the next task tells you that
PIM sparse mode (PIM-SM) must be configured. The requirements of using R1 and R2 as RPs
for all groups, and using the closest RP on all routers reveals that bootstrap or auto-RP is not
being used. This also further confirms PIM-SM is needed and not sparse-dense mode. The
requirements that a virtual IP address must be used, and that the RP configuration must
support only IPv4 confirms Multicast Source Discovery Protocol (MSDP) anycast RP must be
configured (instead of PIM anycast RP).
In this task, we configure the same virtual IP address (non-unique) that has been provided as a
secondary loopback address on both R1 and R2 (the required RPs). It is good practice to
configure the unique loopback address as primary to ensure it is selected as the primary. Next,
we set up MSPD between R1 and R2 using the unique loopback addresses. Finally, set up
protocol PIM on all routers. Configure R1 and R2 as a local RP using the non-unique loopback
address, and configure all other routers with a static RP to the non-unique loopback address.
You can use interface all under PIM without configuring a PIM mode, because PIM-SM is
the default PIM mode. Also, if you use interface all, disable the management interface for
best practice.
TASK COMPLETION
• R1:
lab@R1> configure
Entering configuration mode

[edit]
lab@R1# set interfaces lo0 unit 0 family inet address 172.27.255.1/32 primary

[edit]
lab@R1# set interfaces lo0 unit 0 family inet address 172.27.255.11/32

[edit]
lab@R1# show interfaces lo0
unit 0 {
family inet {
address 172.27.255.1/32 {
primary;
}
address 172.27.255.11/32;
}
}

[edit]
lab@R1# set protocols msdp group anycast-rp local-address 172.27.255.1

[edit]
lab@R1# set protocols msdp group anycast-rp peer 172.27.255.2

[edit]
lab@R1# set protocols pim rp local address 172.27.255.11

[edit]
lab@R1# set protocols pim interface all

www.juniper.net Multicast Implementation and Troubleshooting • Lab 8–5


JNCIE Service Provider Bootcamp
[edit]
lab@R1# set protocols pim interface ge-0/0/0 disable

[edit]
lab@R1# show protocols
msdp {
group anycast-rp {
local-address 172.27.255.1;
peer 172.27.255.2;
}
}
...
pim {
rp {
local {
address 172.27.255.11;
}
}
interface all;
interface ge-0/0/0.0 {
disable;
}
}

[edit]
lab@R1# commit

commit complete

[edit]
lab@R1#
• R2:
lab@R2> configure
Entering configuration mode

[edit]
lab@R2# set interfaces lo0 unit 0 family inet address 172.27.255.2/32 primary

[edit]
lab@R2# set interfaces lo0 unit 0 family inet address 172.27.255.11/32

[edit]
lab@R2# show interfaces lo0
unit 0 {
family inet {
address 172.27.255.2/32 {
primary;
}
address 172.27.255.11/32;
}
}

[edit]
lab@R2# set protocols msdp group anycast-rp local-address 172.27.255.2

Lab 8–6 • Multicast Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp

[edit]
lab@R2# set protocols msdp group anycast-rp peer 172.27.255.1

[edit]
lab@R2# set protocols pim rp local address 172.27.255.11

[edit]
lab@R2# set protocols pim interface all

[edit]
lab@R2# set protocols pim interface ge-0/0/0 disable

[edit]
lab@R2# show protocols
msdp {
group anycast-rp {
local-address 172.27.255.2;
peer 172.27.255.1;
}
}
...
pim {
rp {
local {
address 172.27.255.11;
}
}
interface all;
interface ge-0/0/0.0 {
disable;
}
}

[edit]
lab@R2# commit

commit complete

[edit]
lab@R2#
• R3:
lab@R3> configure
Entering configuration mode

[edit]
lab@R3# set protocols pim rp static address 172.27.255.11

[edit]
lab@R3# set protocols pim interface all

[edit]
lab@R3# set protocols pim interface ge-0/0/0 disable

www.juniper.net Multicast Implementation and Troubleshooting • Lab 8–7


JNCIE Service Provider Bootcamp
[edit]
lab@R3# show protocols pim
rp {
static {
address 172.27.255.11;
}
}
interface all;
interface ge-0/0/0.0 {
disable;
}

[edit]
lab@R3# commit

commit complete

[edit]
lab@R3#

• R4:
lab@R4> configure
Entering configuration mode

[edit]
lab@R4# set protocols pim rp static address 172.27.255.11

[edit]
lab@R4# set protocols pim interface all

[edit]
lab@R4# set protocols pim interface ge-0/0/0 disable

[edit]
lab@R4# show protocols pim
rp {
static {
address 172.27.255.11;
}
}
interface all;
interface ge-0/0/0.0 {
disable;
}

[edit]
lab@R4# commit

commit complete

[edit]
lab@R4#

Lab 8–8 • Multicast Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
• R5:
lab@R5> configure
Entering configuration mode

[edit]
lab@R5# set protocols pim rp static address 172.27.255.11

[edit]
lab@R5# set protocols pim interface all

[edit]
lab@R5# set protocols pim interface ge-0/0/0 disable

[edit]
lab@R5# show protocols pim
rp {
static {
address 172.27.255.11;
}
}
interface all;
interface ge-0/0/0.0 {
disable;
}

[edit]
lab@R5# commit

commit complete

[edit]
lab@R5#

TASK VERIFICATION
Begin your verification by reviewing the status of the RPs on R1 and R2. Verify that R1 and R2
are local RPs and that they are the RPs for all groups.
• R1:
[edit]
lab@R1# exit
Exiting configuration mode

lab@R1> show pim rps extensive


Instance: PIM.master
Address family INET

RP: 172.27.255.11
Learned via: static configuration
Time Active: 2d 12:44:52
Holdtime: 0
Device Index: 130
Subunit: 32769
Interface: ppd0.32769
Group Ranges:
www.juniper.net Multicast Implementation and Troubleshooting • Lab 8–9
JNCIE Service Provider Bootcamp
224.0.0.0/4
Anycast PIM local address used: 172.27.255.1

Address family INET6

lab@R1>
• R2:
[edit]
lab@R2# exit
Exiting configuration mode

lab@R2> show pim rps extensive


Instance: PIM.master
Address family INET

RP: 172.27.255.11
Learned via: static configuration
Time Active: 2d 12:34:33
Holdtime: 0
Device Index: 130
Subunit: 32769
Interface: ppd0.32769
Group Ranges:
224.0.0.0/4
Anycast PIM local address used: 172.27.255.2

Address family INET6

lab@R2>

Question: Which IP address is the RP for both R1 and R2?

Answer: Both R1 and R2 should have 172.27.255.11 for the RP


address.

Question: What is the group range for both RPs?

Answer: Both R1 and R2 should show a group range of


224.0.0.0/4.

Now that you have verified the RPs, verify the MSDP status and source-actives. The intradomain
MSDP usage for anycast RP covers the requirement for both R1 and R2 being the RP for all
groups, the requirement of a virtual IP for the RP, and the requirement for only IPv4 support. PIM
anycast RP could also be used, except it supports IPv4 and IPv6.

Lab 8–10 • Multicast Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
• R1:
lab@R1> show msdp
Peer address Local address State Last up/down Peer-Group SA Count
172.27.255.2 172.27.255.1 Established 2d 13:02:09 anycast-rp 1/1

lab@R1> show msdp source-active


Group address Source address Peer address Originator Flags
224.1.1.1 172.27.0.30 local 172.27.255.1 Accept
224.2.2.2 172.27.0.38 172.27.255.2 172.27.255.2 Accept
224.3.3.3 172.27.0.30 local 172.27.255.1 Accept

• R2:
lab@R2> show msdp
Peer address Local address State Last up/down Peer-Group SA Count
172.27.255.1 172.27.255.2 Established 2d 13:03:21 anycast-rp 2/2

lab@R2> show msdp source-active


Group address Source address Peer address Originator Flags
224.1.1.1 172.27.0.30 172.27.255.1 172.27.255.1 Accept
224.2.2.2 172.27.0.38 local 172.27.255.2 Accept
224.3.3.3 172.27.0.30 172.27.255.1 172.27.255.1 Accept

Question: What is the state of MSDP? How many SAs does R1


and R2 have?

Answer: The MSDP state should be established. R1 should have


1 SA, and R2 should have 2 SAs.

Finally, you must verify that all other routers use the closest RP. View the status of the RP on all
other routers. Make sure that the active groups using the RP matches the join to RP. Then check
that the join to RP upstream neighbor matches the shortest path to the RP..

Some of the below outputs might vary


depending on which path R5 chooses to
reach S1.

• R3:
[edit]
lab@R3# exit
Exiting configuration mode

lab@R3> show pim rps extensive


Instance: PIM.master
Address family INET

RP: 172.27.255.11
Learned via: static configuration
Time Active: 2d 13:08:19
Holdtime: 0

www.juniper.net Multicast Implementation and Troubleshooting • Lab 8–11


JNCIE Service Provider Bootcamp
Device Index: 131
Subunit: 32769
Interface: ppe0.32769
Group Ranges:
224.0.0.0/4
Active groups using RP:
224.1.1.1

total 1 groups active

Address family INET6

lab@R3> show pim join extensive 224.1.1.1


Instance: PIM.master Family: INET
R = Rendezvous Point Tree, S = Sparse, W = Wildcard

Group: 224.1.1.1
Source: *
RP: 172.27.255.11
Flags: sparse,rptree,wildcard
Upstream interface: ge-0/0/1.0
Upstream neighbor: 172.27.0.14
Upstream state: Join to RP
Downstream neighbors:
Interface: ge-0/0/4.0
172.27.0.58 State: Join Flags: SRW Timeout: 156

Group: 224.1.1.1
Source: 172.27.0.30
Flags: sparse,spt
Upstream interface: ge-0/0/1.0
Upstream neighbor: 172.27.0.14
Upstream state: None, Join to Source
Keepalive timeout: 328
Downstream neighbors:
Interface: ge-0/0/3.0
172.27.0.25 State: Join Flags: S Timeout: 176
Interface: ge-0/0/4.0
172.27.0.58 State: Join Flags: S Timeout: 156

lab@R3> show route 172.27.255.11

inet.0: 28 destinations, 28 routes (28 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

172.27.255.11/32 *[OSPF/10] 2d 13:33:22, metric 1


> to 172.27.0.14 via ge-0/0/1.0

lab@R3>

Lab 8–12 • Multicast Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
Question: Does the active group using the RP match the best
path to the RP?

Answer: Yes. As shown in the output from R3, the group


224.1.1.1 join to RP uses upstream neighbor 172.27.0.14,
which is the same path to the RP. This output might vary
depending on which path R5 chooses to send the join to RP.

• R4:
[edit]
lab@R4# exit
Exiting configuration mode

lab@R4> show pim rps extensive


Instance: PIM.master
Address family INET

RP: 172.27.255.11
Learned via: static configuration
Time Active: 2d 13:21:14
Holdtime: 0
Device Index: 131
Subunit: 32769
Interface: ppe0.32769
Group Ranges:
224.0.0.0/4
Active groups using RP:
224.3.3.3
224.2.2.2
224.1.1.1

total 3 groups active

Address family INET6

lab@R4> show pim join extensive 224.1.1.1


Instance: PIM.master Family: INET
R = Rendezvous Point Tree, S = Sparse, W = Wildcard

Group: 224.1.1.1
Source: *
RP: 172.27.255.11
Flags: sparse,rptree,wildcard
Upstream interface: ae0.0
Upstream neighbor: 172.27.0.10
Upstream state: Join to RP
Downstream neighbors:
Interface: ge-0/0/4.0
172.27.0.22 State: Join Flags: SRW Timeout: 161

Group: 224.1.1.1
Source: 172.27.0.30

www.juniper.net Multicast Implementation and Troubleshooting • Lab 8–13


JNCIE Service Provider Bootcamp
Flags: sparse
Upstream interface: ae0.0
Upstream neighbor: 172.27.0.10
Upstream state: Prune to RP
Keepalive timeout:
Downstream neighbors:
Interface: ge-0/0/4.0 (pruned)
172.27.0.22 State: Prune Flags: SR Timeout: 161

lab@R4> show pim join extensive 224.2.2.2


Instance: PIM.master Family: INET
R = Rendezvous Point Tree, S = Sparse, W = Wildcard

Group: 224.2.2.2
Source: *
RP: 172.27.255.11
Flags: sparse,rptree,wildcard
Upstream interface: ae0.0
Upstream neighbor: 172.27.0.10
Upstream state: Join to RP
Downstream neighbors:
Interface: ge-0/0/4.0
172.27.0.22 State: Join Flags: SRW Timeout: 150

Group: 224.2.2.2
Source: 172.27.0.38
Flags: sparse,spt
Upstream interface: ge-0/0/1.0
Upstream neighbor: 172.27.0.5
Upstream state: Join to Source, Prune to RP
Keepalive timeout: 344
Downstream neighbors:
Interface: ge-0/0/4.0
172.27.0.22 State: Join Flags: S Timeout: 150

lab@R4> show route 172.27.255.11

inet.0: 28 destinations, 28 routes (28 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

172.27.255.11/32 *[OSPF/10] 2d 13:40:18, metric 1


to 172.27.0.5 via ge-0/0/1.0
> to 172.27.0.10 via ae0.0

lab@R4>
• R5:
[edit]
lab@R5# exit
Exiting configuration mode

lab@R5> show pim rps extensive


Instance: PIM.master
Address family INET

Lab 8–14 • Multicast Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
RP: 172.27.255.11
Learned via: static configuration
Time Active: 2d 13:25:44
Holdtime: 0
Device Index: 131
Subunit: 32769
Interface: ppe0.32769
Group Ranges:
224.0.0.0/4
Active groups using RP:
224.3.3.3
224.2.2.2
224.1.1.1

total 3 groups active

Address family INET6

lab@R5> show pim join extensive 224.1.1.1


Instance: PIM.master Family: INET
R = Rendezvous Point Tree, S = Sparse, W = Wildcard

Group: 224.1.1.1
Source: *
RP: 172.27.255.11
Flags: sparse,rptree,wildcard
Upstream interface: ge-0/0/2.0
Upstream neighbor: 172.27.0.21
Upstream state: Join to RP
Downstream neighbors:
Interface: ge-0/0/4.0
172.27.1.4 State: Join Flags: SRW Timeout: 180

Group: 224.1.1.1
Source: 172.27.0.30
Flags: sparse,spt
Upstream interface: ge-0/0/1.0
Upstream neighbor: 172.27.0.26
Upstream state: Join to Source, Prune to RP
Keepalive timeout: 304
Downstream neighbors:
Interface: ge-0/0/4.0
172.27.1.4 State: Join Flags: S Timeout: 180

lab@R5> show pim join extensive 224.2.2.2


Instance: PIM.master Family: INET
R = Rendezvous Point Tree, S = Sparse, W = Wildcard

Group: 224.2.2.2
Source: *
RP: 172.27.255.11
Flags: sparse,rptree,wildcard
Upstream interface: ge-0/0/2.0
Upstream neighbor: 172.27.0.21
Upstream state: Join to RP

www.juniper.net Multicast Implementation and Troubleshooting • Lab 8–15


JNCIE Service Provider Bootcamp
Downstream neighbors:
Interface: ge-0/0/4.0
172.27.1.2 State: Join Flags: SRW Timeout: 172

Group: 224.2.2.2
Source: 172.27.0.38
Flags: sparse,spt
Upstream interface: ge-0/0/2.0
Upstream neighbor: 172.27.0.21
Upstream state: None, Join to Source
Keepalive timeout: 356
Downstream neighbors:
Interface: ge-0/0/4.0
172.27.1.2 State: Join Flags: S Timeout: 172

lab@R5> show route 172.27.255.11

inet.0: 27 destinations, 27 routes (27 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

172.27.255.11/32 *[OSPF/10] 2d 14:04:12, metric 2


to 172.27.0.26 via ge-0/0/1.0
> to 172.27.0.21 via ge-0/0/2.0

lab@R5>

Question: Why does the *,G and S,G for group 224.1.1.1 have a
different upstream neighbor?

Answer: With R5 being the designated router for the receiver,


the source tree cut-over took place, and now the multicast
traffic is using the shortest path from the source (or preferred
path). This output might vary depending on which OSPF path is
taken to the RP—the *,G and S,G might match.

TASK 3
Group 224.2.2.2 is critical for Rec2, and they have requested that
the multicast traffic always uses the same path to keep traffic loss
to a minimum (except in the event of a failure). You cannot use
policy, and you cannot alter routes in inet.0 to accomplish this
task. One static route can be used if needed to accomplish this
task.
TASK INTERPRETATION
The task reveals that group 224.2.2.2 should always use the shared tree and should not cutover
to the source tree or shortest-path tree (SPT). The traffic is critical to Rec2 and they do not want
to lose any traffic during the source tree cutover process.

Lab 8–16 • Multicast Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
The easiest way to accomplish this task might be using a policy to not allow the SPT cutover to
take place for group 224.2.2.2 on the last hop router, but policy is not allowed for this task. The
next option is to make sure that the RPT and SPT always use the same path, so that the SPT
cutover does not takes place. R5 has equal cost paths to the RPs, so there is a chance that
currently RPT and SPT are the same path. We want to rule out that the RPT and SPT use the
same path by chance. You cannot alter inet.0, so you must populate inet.2 with routes that you
can alter. This is done by creating rib-groups to copy interface and OSPF routes into inet.2, and
then applying inet.2 to PIM to be used for the RPF check. Make sure that this configuration is
done on R4 as well, because R4 has the same issue with equal cost paths to the RP.
TASK COMPLETION
• R5:
lab@R5> configure
Entering configuration mode

[edit]
lab@R5# edit routing-options

[edit routing-options]
lab@R5# set rib-groups to_inet.2 import-rib [inet.0 inet.2]

[edit routing-options]
lab@R5# set rib-groups rpf_inet.2 import-rib inet.2

[edit routing-options]
lab@R5# set interface-routes rib-group inet to_inet.2

[edit routing-options]
lab@R5# show
max-interface-supported 0;
interface-routes {
rib-group inet to_inet.2;
}
rib-groups {
to_inet.2 {
import-rib [ inet.0 inet.2 ];
}
rpf_inet.2 {
import-rib inet.2;
}
}

[edit routing-options]
lab@R5# top edit protocols

[edit protocols]
lab@R5# set ospf rib-group to_inet.2

[edit protocols]
lab@R5# set pim rib-group inet rpf_inet.2

[edit protocols]
lab@R5# show
ospf {
www.juniper.net Multicast Implementation and Troubleshooting • Lab 8–17
JNCIE Service Provider Bootcamp
rib-group to_inet.2;
area 0.0.0.0 {
interface all;
interface ge-0/0/0.0 {
disable;
}
}
}
pim {
rib-group inet rpf_inet.2;
rp {
static {
address 172.27.255.11;
}
}
interface all;
interface ge-0/0/0.0 {
disable;
}
}

[edit protocols]
lab@R5# commit

commit complete

[edit protocols]
lab@R5#
• R4:
lab@R4> configure
Entering configuration mode

[edit]
lab@R4# edit routing-options

[edit routing-options]
lab@R4# set rib-groups to_inet.2 import-rib [inet.0 inet.2]

[edit routing-options]
lab@R4# set rib-groups rpf_inet.2 import-rib inet.2

[edit routing-options]
lab@R4# set interface-routes rib-group inet to_inet.2

[edit routing-options]
lab@R4# show
max-interface-supported 0;
interface-routes {
rib-group inet to_inet.2;
}
rib-groups {
to_inet.2 {
import-rib [ inet.0 inet.2 ];
}

Lab 8–18 • Multicast Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
rpf_inet.2 {
import-rib inet.2;
}
}

[edit routing-options]
lab@R4# top edit protocols

[edit protocols]
lab@R4# set ospf rib-group to_inet.2

[edit protocols]
lab@R4# set pim rib-group inet rpf_inet.2

[edit protocols]
lab@R4# show
ospf {
rib-group to_inet.2;
area 0.0.0.0 {
interface all;
interface ge-0/0/0.0 {
disable;
}
}
}
pim {
rib-group inet rpf_inet.2;
rp {
static {
address 172.27.255.11;
}
}
interface all;
interface ge-0/0/0.0 {
disable;
}
}

[edit protocols]
lab@R4# commit

commit complete

[edit protocols]
lab@R4#
TASK VERIFICATION
We begin by verifying which table the RPF check is using to the RP and source, and that the
routing table shows the correct routes for the RP and source.
• R5:
[edit protocols]
lab@R5# run show multicast rpf 172.27.0.38
Multicast RPF table: inet.2 , 22 entries

www.juniper.net Multicast Implementation and Troubleshooting • Lab 8–19


JNCIE Service Provider Bootcamp
172.27.0.36/30
Protocol: OSPF
Interface: ge-0/0/2.0
Neighbor: 172.27.0.21

[edit protocols]
lab@R5# run show multicast rpf 172.27.255.11
Multicast RPF table: inet.2 , 22 entries

172.27.255.11/32
Protocol: OSPF
Interface: ge-0/0/1.0
Neighbor: 172.27.0.26

[edit protocols]
lab@R5# run show route 172.27.0.38

inet.0: 27 destinations, 27 routes (27 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

172.27.0.36/30 *[OSPF/10] 00:23:21, metric 3


> to 172.27.0.21 via ge-0/0/2.0

inet.2: 22 destinations, 22 routes (22 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

172.27.0.36/30 *[OSPF/10] 00:23:21, metric 3


> to 172.27.0.21 via ge-0/0/2.0

[edit protocols]
lab@R5# run show route 172.27.255.11

inet.0: 27 destinations, 27 routes (27 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

172.27.255.11/32 *[OSPF/10] 07:19:57, metric 2


> to 172.27.0.26 via ge-0/0/1.0
to 172.27.0.21 via ge-0/0/2.0

inet.2: 22 destinations, 22 routes (22 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

172.27.255.11/32 *[OSPF/10] 07:19:57, metric 2


> to 172.27.0.26 via ge-0/0/1.0
to 172.27.0.21 via ge-0/0/2.0

Question: What table is being used for the RPF check?

Answer: Table inet.2 should be the RPF table.

Lab 8–20 • Multicast Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
Question: Is there only one possible next hop for the route to the
RP in table inet.2?

Answer: No. The route has not been altered in inet.2 so that the
next-hop of 172.27.0.21 is preferred. The output may vary and
show 172.27.0.21 is preferred, but you want to ensure that
172.27.0.26 cannot be chosen.

TASK CORRECTION
To ensure that 172.27.0.21 is preferred to match the SPT path in the inet.2 table, you must
make the 172.27.0.21 more preferred. A static route can be used to resolve this issue. Make
sure to apply the same inet.2 configuration on R4.
• R5:
[edit protocols]
lab@R5# top edit routing-options

[edit routing-options]
lab@R5# set rib inet.2 static route 172.27.255.11/32 next-hop 172.27.0.21

[edit routing-options]
lab@R5# show
max-interface-supported 0;
interface-routes {
rib-group inet to_inet.2;
}
rib inet.2 {
static {
route 172.27.255.11/32 next-hop 172.27.0.21;
}
}
rib-groups {
to_inet.2 {
import-rib [ inet.0 inet.2 ];
}
rpf_inet.2 {
import-rib inet.2;
}
}

[edit routing-options]
lab@R5# commit

commit complete

[edit routing-options]
lab@R5#
• R4:
[edit protocols]
lab@R4# top edit routing-options

www.juniper.net Multicast Implementation and Troubleshooting • Lab 8–21


JNCIE Service Provider Bootcamp
[edit routing-options]
lab@R4# set rib inet.2 static route 172.27.255.11/32 next-hop 172.27.0.5

[edit routing-options]
lab@R4# show
max-interface-supported 0;
interface-routes {
rib-group inet to_inet.2;
}
rib inet.2 {
static {
route 172.27.255.11/32 next-hop 172.27.0.5;
}
}
rib-groups {
to_inet.2 {
import-rib [ inet.0 inet.2 ];
}
rpf_inet.2 {
import-rib inet.2;
}
}

[edit routing-options]
lab@R4# commit

commit complete

[edit routing-options]
lab@R4#
Now that the route has a defined preferred next-hop, you can verify that the SPT and RPT match.
• R5:
[edit routing-options]
lab@R5# run show multicast rpf 172.27.0.38
Multicast RPF table: inet.2 , 22 entries

172.27.0.36/30
Protocol: OSPF
Interface: ge-0/0/2.0
Neighbor: 172.27.0.21

[edit routing-options]
lab@R5# run show multicast rpf 172.27.255.11
Multicast RPF table: inet.2 , 22 entries

172.27.255.11/32
Protocol: Static
Interface: ge-0/0/2.0
Neighbor: 172.27.0.21

[edit routing-options]
lab@R5# run show route 172.27.0.38

Lab 8–22 • Multicast Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
inet.0: 27 destinations, 27 routes (27 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

172.27.0.36/30 *[OSPF/10] 00:48:05, metric 3


> to 172.27.0.21 via ge-0/0/2.0

inet.2: 22 destinations, 23 routes (22 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

172.27.0.36/30 *[OSPF/10] 00:48:05, metric 3


> to 172.27.0.21 via ge-0/0/2.0

[edit routing-options]
lab@R5# run show route 172.27.255.11

inet.0: 27 destinations, 27 routes (27 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

172.27.255.11/32 *[OSPF/10] 07:44:37, metric 2


> to 172.27.0.26 via ge-0/0/1.0
to 172.27.0.21 via ge-0/0/2.0

inet.2: 22 destinations, 23 routes (22 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

172.27.255.11/32 *[Static/5] 00:01:23


> to 172.27.0.21 via ge-0/0/2.0
[OSPF/10] 07:44:37, metric 2
> to 172.27.0.26 via ge-0/0/1.0
to 172.27.0.21 via ge-0/0/2.0

[edit routing-options]
lab@R5# run show pim join extensive 224.2.2.2
Instance: PIM.master Family: INET
R = Rendezvous Point Tree, S = Sparse, W = Wildcard

Group: 224.2.2.2
Source: *
RP: 172.27.255.11
Flags: sparse,rptree,wildcard
Upstream interface: ge-0/0/2.0
Upstream neighbor: 172.27.0.21
Upstream state: Join to RP
Downstream neighbors:
Interface: ge-0/0/4.0
172.27.1.2 State: Join Flags: SRW Timeout: 170

Group: 224.2.2.2
Source: 172.27.0.38
Flags: sparse,spt
Upstream interface: ge-0/0/2.0
Upstream neighbor: 172.27.0.21
Upstream state: None, Join to Source
Keepalive timeout: 318
Downstream neighbors:

www.juniper.net Multicast Implementation and Troubleshooting • Lab 8–23


JNCIE Service Provider Bootcamp
Interface: ge-0/0/4.0
172.27.1.2 State: Join Flags: S Timeout: 170

• R4:
[edit routing-options]
lab@R4# run show multicast rpf 172.27.0.38
Multicast RPF table: inet.2 , 23 entries

172.27.0.36/30
Protocol: OSPF
Interface: ge-0/0/1.0
Neighbor: 172.27.0.5

[edit routing-options]
lab@R4# run show multicast rpf 172.27.255.11
Multicast RPF table: inet.2 , 23 entries

172.27.255.11/32
Protocol: Static
Interface: ge-0/0/1.0
Neighbor: 172.27.0.5

[edit routing-options]
lab@R4# run show route 172.27.0.38

inet.0: 28 destinations, 28 routes (28 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

172.27.0.36/30 *[OSPF/10] 00:08:51, metric 2


> to 172.27.0.5 via ge-0/0/1.0

inet.2: 23 destinations, 24 routes (23 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

172.27.0.36/30 *[OSPF/10] 00:08:51, metric 2


> to 172.27.0.5 via ge-0/0/1.0

[edit routing-options]
lab@R4# run show route 172.27.255.11

inet.0: 28 destinations, 28 routes (28 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

172.27.255.11/32 *[OSPF/10] 00:09:01, metric 1


to 172.27.0.5 via ge-0/0/1.0
> to 172.27.0.10 via ae0.0

inet.2: 23 destinations, 24 routes (23 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

172.27.255.11/32 *[Static/5] 00:09:02


> to 172.27.0.5 via ge-0/0/1.0
[OSPF/10] 00:09:01, metric 1

Lab 8–24 • Multicast Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
to 172.27.0.5 via ge-0/0/1.0
> to 172.27.0.10 via ae0.0

[edit routing-options]
lab@R4# run show pim join extensive 224.2.2.2
Instance: PIM.master Family: INET
R = Rendezvous Point Tree, S = Sparse, W = Wildcard

Group: 224.2.2.2
Source: *
RP: 172.27.255.11
Flags: sparse,rptree,wildcard
Upstream interface: ge-0/0/1.0
Upstream neighbor: 172.27.0.5
Upstream state: Join to RP
Downstream neighbors:
Interface: ge-0/0/4.0
172.27.0.22 State: Join Flags: SRW Timeout: 188

Group: 224.2.2.2
Source: 172.27.0.38
Flags: sparse,spt
Upstream interface: ge-0/0/1.0
Upstream neighbor: 172.27.0.5
Upstream state: None, Join to Source
Keepalive timeout: 335
Downstream neighbors:
Interface: ge-0/0/4.0
172.27.0.22 State: Join Flags: S Timeout: 188

Question: Do the RPT and SPT match on both R4 and R5 for


group 224.2.2.2?

Answer: Yes. Both R4 and R5 should show that the RPT and SPT
use the same path to group 224.2.2.2.

TASK 4
Ensure that joins to source are load-balanced for groups sourced
from S1.
TASK INTERPRETATION
If you view the lab diagram, R5 should have two equal paths to S1. Also, verify that R5 has equal
cost paths to S1. To load balance across the equal cost paths, simply configure the PIM option
join-load-balance on R5.
TASK COMPLETION
First verify the status of the routes and PIM joins on R5.
[edit routing-options]
lab@R5# run show route 172.27.0.30

www.juniper.net Multicast Implementation and Troubleshooting • Lab 8–25


JNCIE Service Provider Bootcamp
inet.0: 27 destinations, 27 routes (27 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

172.27.0.28/30 *[OSPF/10] 01:50:12, metric 3


to 172.27.0.26 via ge-0/0/1.0
> to 172.27.0.21 via ge-0/0/2.0

inet.2: 22 destinations, 23 routes (22 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

172.27.0.28/30 *[OSPF/10] 01:50:12, metric 3


to 172.27.0.26 via ge-0/0/1.0
> to 172.27.0.21 via ge-0/0/2.0

[edit routing-options]
lab@R5# run show pim join extensive 224.1.1.1
Instance: PIM.master Family: INET
R = Rendezvous Point Tree, S = Sparse, W = Wildcard

Group: 224.1.1.1
Source: *
RP: 172.27.255.11
Flags: sparse,rptree,wildcard
Upstream interface: ge-0/0/2.0
Upstream neighbor: 172.27.0.21
Upstream state: Join to RP
Downstream neighbors:
Interface: ge-0/0/4.0
172.27.1.4 State: Join Flags: SRW Timeout: 150

Group: 224.1.1.1
Source: 172.27.0.30
Flags: sparse,spt
Upstream interface: ge-0/0/2.0
Upstream neighbor: 172.27.0.21
Upstream state: None, Join to Source
Keepalive timeout: 359
Downstream neighbors:
Interface: ge-0/0/4.0
172.27.1.4 State: Join Flags: S Timeout: 150

[edit routing-options]
lab@R5# run show pim join extensive 224.3.3.3
Instance: PIM.master Family: INET
R = Rendezvous Point Tree, S = Sparse, W = Wildcard

Group: 224.3.3.3
Source: *
RP: 172.27.255.11
Flags: sparse,rptree,wildcard
Upstream interface: ge-0/0/2.0
Upstream neighbor: 172.27.0.21
Upstream state: Join to RP

Lab 8–26 • Multicast Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
Downstream neighbors:
Interface: ge-0/0/4.0
172.27.1.3 State: Join Flags: SRW Timeout: 198

Group: 224.3.3.3
Source: 172.27.0.30
Flags: sparse,spt
Upstream interface: ge-0/0/2.0
Upstream neighbor: 172.27.0.21
Upstream state: None, Join to Source
Keepalive timeout: 347
Downstream neighbors:
Interface: ge-0/0/4.0
172.27.1.3 State: Join Flags: S Timeout: 198

Question: Does R5 show equal cost paths to S1?

Answer: Yes. You should see two next-hops for the route
172.27.0.30.

Question: Is R5 load balancing the PIM joins to source towards


S1?

Answer: No, both S,Gs for groups sourced from S1 use the
same upstream neighbor.

Now that you have verified load balancing is not occurring, configure the option to load balance
under PIM.
• R5:
[edit routing-options]
lab@R5# top edit protocols pim

[edit protocols pim]


lab@R5# set join-load-balance

[edit protocols pim]


lab@R5# show
rib-group inet rpf_inet.2;
rp {
static {
address 172.27.255.11;
}
}
interface all;
interface ge-0/0/0.0 {
disable;
}
join-load-balance;

www.juniper.net Multicast Implementation and Troubleshooting • Lab 8–27


JNCIE Service Provider Bootcamp
[edit protocols pim]
lab@R5# commit

commit complete

[edit protocols pim]


lab@R5#
TASK VERIFICATION
You can now verify that load balancing is occurring by looking at the two groups sourced from S1.
You might have to use the restart routing command (to speed up the process) on R5 for
the load balancing to occur because the load balancing option does not affect current joins.
• R5:
[edit protocols pim]
lab@R5# run show route 172.27.0.30

inet.0: 27 destinations, 27 routes (27 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

172.27.0.28/30 *[OSPF/10] 00:14:12, metric 3


to 172.27.0.26 via ge-0/0/1.0
> to 172.27.0.21 via ge-0/0/2.0

inet.2: 22 destinations, 23 routes (22 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

172.27.0.28/30 *[OSPF/10] 00:14:12, metric 3


to 172.27.0.26 via ge-0/0/1.0
> to 172.27.0.21 via ge-0/0/2.0

[edit protocols pim]


lab@R5# run show pim join extensive 224.1.1.1
Instance: PIM.master Family: INET
R = Rendezvous Point Tree, S = Sparse, W = Wildcard

Group: 224.1.1.1
Source: *
RP: 172.27.255.11
Flags: sparse,rptree,wildcard
Upstream interface: ge-0/0/2.0
Upstream neighbor: 172.27.0.21
Upstream state: Join to RP
Downstream neighbors:
Interface: ge-0/0/4.0
172.27.1.4 State: Join Flags: SRW Timeout: 205

Group: 224.1.1.1
Source: 172.27.0.30
Flags: sparse,spt
Upstream interface: ge-0/0/1.0
Upstream neighbor: 172.27.0.26
Upstream state: Join to Source, Prune to RP
Keepalive timeout: 353
Downstream neighbors:
Lab 8–28 • Multicast Implementation and Troubleshooting www.juniper.net
JNCIE Service Provider Bootcamp
Interface: ge-0/0/4.0
172.27.1.4 State: Join Flags: S Timeout: 205

[edit protocols pim]


lab@R5# run show pim join extensive 224.3.3.3
Instance: PIM.master Family: INET
R = Rendezvous Point Tree, S = Sparse, W = Wildcard

Group: 224.3.3.3
Source: *
RP: 172.27.255.11
Flags: sparse,rptree,wildcard
Upstream interface: ge-0/0/2.0
Upstream neighbor: 172.27.0.21
Upstream state: Join to RP
Downstream neighbors:
Interface: ge-0/0/4.0
172.27.1.3 State: Join Flags: SRW Timeout: 200

Group: 224.3.3.3
Source: 172.27.0.30
Flags: sparse,spt
Upstream interface: ge-0/0/2.0
Upstream neighbor: 172.27.0.21
Upstream state: None, Join to Source
Keepalive timeout: 349
Downstream neighbors:
Interface: ge-0/0/4.0
172.27.1.3 State: Join Flags: S Timeout: 200

Question: Are the joins to source for the three groups from S1
load balancing?

Answer: Yes, in the R5 output, the group 224.1.1.1’s upstream


neighbor is 172.27.0.26, and the group 224.3.3.3 upstream
neighbor is 172.27.0.21. Your output might have the neighbors
swapped between the groups depending how the load
balancing occurs.

STOP Tell your instructor that you have completed this lab.

www.juniper.net Multicast Implementation and Troubleshooting • Lab 8–29


JNCIE Service Provider Bootcamp

Lab 8–30 • Multicast Implementation and Troubleshooting www.juniper.net


Lab
Class of Service Implementation and Troubleshooting

Overview
In this lab, you will be given a list of tasks specific to implementing and troubleshooting class of
service that you will need to accomplish within a specific time frame. You will have 2 hours to
complete the simulation.
By completing this lab, you will perform the following tasks:
• Configure a scheduler named jncie-cos on all routers with the following criteria:
– The expedited-forwarding queue should have the high priority with 10%
allocation of traffic;
– The assured-forwarding queue should have medium-high priority with 5%
allocation of traffic;
– The best-effort queue should have low priority with 80% allocation of traffic;
– The network-connect queue should have low priority with 5% traffic allocation;
and
– Apply the scheduler on all interfaces.
• Configure a MF classifier named voice on R5:
– The classifier should match any traffic with DSCP EF markings and place this
traffic into the EF queue;
– The classifier should match any TCP traffic destined to port 2000 and place this
traffic on the AF queue; and
– Place this classifier on traffic coming from the C1 router.
• Configure a MF classifier named internet on R1:
– Match all traffic and place into the best effort queue and mark as high loss drop
profile; and
– Place this classifier on all traffic coming from the C2 router.
• Configure a rewrite marker named jncie-rw on R5:
– Mark all traffic on the expedited-forwarding queue as DSCP EF; and
– Mark all traffic on the assured-forwarding queue as DSCP AF21.
• Configure a behavior aggregate classifier named jncie-ba on R3, and R4:
www.juniper.net Class of Service Implementation and Troubleshooting • Lab 9–1
JNCIE Service Provider Bootcamp
– Place all traffic with inet-precedence 5 into the expedited-forwarding queue; and
– Place all traffic with inet-precedence 3 into the assured-forwarding queue.
• Configure a filter named jncie-police on R3 and R4:
– Send any traffic marked as DSCP 21 and exceeding 50 Mb to the best effort
queue and mark it as loss priority high;
– Send any traffic marked as DSCP 46 and exceeding 100 Mb to the best effort
queue and mark it as loss priority low; and
– Apply the policer to the interfaces facing R5.
• Configure a behavior aggregate classifier on R2:
– Place all traffic marked with 802.1p number 5 on the expedited forwarding
queue; and
– Apply this to the interface facing the VPLS CE2 device.
• Configure a rewrite marker named vpls-rw on R2:
– Mark all traffic in the expedited queue to EXP 5.

Lab 9–2 • Class of Service Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp

Configuring CoS
In this lab part, you will log in to your assigned routers and ensure that you are running the
correct startup configuration file for this lab. Refer to the network diagram for this lab for
topological and configuration details. You will then configure various CoS settings depending on
the outlined requirements. You must ensure that all the CoS requirements are met based on the
task guidelines.

Note
We recommend that you spend some time
investigating the current operation of your
routers. During the real exam, you might be
given routers that are operating
inefficiently. Investigating operating issues
now might save you a lot of time
troubleshooting strange issues later.

TASK 1
Configure a scheduler-map named jncie-cos on all routers. Map each
queue to the following set of criteria:
• The expedited-forwarding queue should have the high priority
with a 10% transmit rate;
• The assured-forwarding queue should have medium-high
priority with a 5% transmit rate;
• The best-effort queue should have low priority with a 80%
transmit rate;
• The network-connect queue should have low priority with a 5%
transmit rate; and
• Apply the scheduler on all gigabit interfaces.

Note
When you have a repetitive task on the
exam, take advantage of Notepad access
for copy and paste operations.

TASK INTERPRETATION
The task is requesting a simple scheduler-map configuration to be applied on all interfaces. It
lays out all the necessary criteria and it includes instructions to use a specific name for the
scheduler-map, but it does not seem to matter what you use to name the schedulers
themselves. The rest of the instructions are straightforward.

www.juniper.net Class of Service Implementation and Troubleshooting • Lab 9–3


JNCIE Service Provider Bootcamp
TASK COMPLETION
• R1, R2, R3, R4, and R5:
[edit]
lab@R1# edit class-of-service

[edit class-of-service]
lab@R1# set schedulers ef transmit-rate percent 10

[edit class-of-service]
lab@R1# set schedulers ef priority high

[edit class-of-service]
lab@R1# set schedulers af priority medium-high

[edit class-of-service]
lab@R1# set schedulers af transmit-rate percent 5

[edit class-of-service]
lab@R1# set schedulers be transmit-rate percent 80

[edit class-of-service]
lab@R1# set schedulers be priority low

[edit class-of-service]
lab@R1# set schedulers nc transmit-rate percent 5

[edit class-of-service]
lab@R1# set schedulers nc priority low

[edit class-of-service]
lab@R1# set scheduler-maps jncie-cos forwarding-class expedited-forwarding
scheduler ef

[edit class-of-service]
lab@R1# set scheduler-maps jncie-cos forwarding-class assured-forwarding scheduler
af

[edit class-of-service]
lab@R1# set scheduler-maps jncie-cos forwarding-class best-effort scheduler be

[edit class-of-service]
lab@R1# set scheduler-maps jncie-cos forwarding-class network-control scheduler nc

[edit class-of-service]
lab@R1# set interfaces ge-* scheduler-map jncie-cos

lab@R1# show
interfaces {
ge-* {
scheduler-map jncie-cos;
}
}
scheduler-maps {
jncie-cos {

Lab 9–4 • Class of Service Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
forwarding-class expedited-forwarding scheduler ef;
forwarding-class assured-forwarding scheduler af;
forwarding-class best-effort scheduler be;
forwarding-class network-control scheduler nc;
}
}
schedulers {
ef {
transmit-rate percent 10;
priority high;
}
af {
transmit-rate percent 5;
priority medium-high;
}
be {
transmit-rate percent 80;
priority low;
}
nc {
transmit-rate percent 5;
priority low;
}
}
[edit class-of-service]
lab@R1# commit
TASK VERIFICATION
The best way to verify this task is to issue the show class-of-service interface
command and confirm that the correct scheduler has been applied to the interface:
[edit class-of-service]
lab@R1# run show class-of-service interface ge-0/0/1
Physical interface: ge-0/0/1, Index: 134
Queues supported: 8, Queues in use: 4
Scheduler map: jncie-cos, Index: 31932
Congestion-notification: Disabled

Logical interface: ge-0/0/1.0, Index: 71


Object Name Type Index
Classifier ipprec-compatibility ip 13

TASK 2
Configure a multifield classifier named voice on R5:
• The classifier should match any traffic with DSCP EF
markings and place this traffic into the EF queue;
• The classifier should match any TCP traffic destined to port
2000 and place this traffic on the AF queue; and
• Place this classifier on traffic coming from the C1 router.

www.juniper.net Class of Service Implementation and Troubleshooting • Lab 9–5


JNCIE Service Provider Bootcamp
TASK INTERPRETATION
This task is requiring the use of a multifield classifier on R5. A firewall filter is used for multifield
classification. The task explicitly states to name the classifier voice, it also states to place the
classifier on traffic coming from the Customer 1 router. Referring to the lab diagram the firewall
filter is applied to the ge-0/0/4.0 interface. Remember to accept all unmatched traffic in your
firewall filter—a simple mistake like this can cause you to fail the exam.
TASK COMPLETION
• R5:
[edit class-of-service]
lab@R5# top edit firewall family inet filter voice

[edit firewall family inet filter voice]


lab@R5# set term 1 from dscp ef

[edit firewall family inet filter voice]


lab@R5# set term 1 then forwarding-class expedited-forwarding

[edit firewall family inet filter voice]


lab@R5# set term 2 from protocol tcp

[edit firewall family inet filter voice]


lab@R5# set term 2 from destination-port 2000

[edit firewall family inet filter voice]


lab@R5# set term 2 then forwarding-class assured-forwarding

[edit firewall family inet filter voice]


lab@R5# set term 3 then accept

[edit firewall family inet filter voice]


lab@R5# top set interfaces ge-0/0/4.0 family inet filter input voice

[edit firewall family inet filter voice]


lab@R5# commit

TASK VERIFICATION
The best way to verify this task is to make sure your firewall is configured correctly on the correct
interface by examining the configuration. If the test provides you with access to the Customer 1
router, a ping with the correct set of ToS bytes can be generated, and verify that the internal
router is placing the traffic into the correct queue.
In this lab, you are given access to the external device. The Customer 1 router is in a routing
instance named C1 in the VR-device. The device can be accessed with SSH from the R5 router or
through the management IP with the user lab and password lab123. On R5, find which routes
are advertised to C1 and then generate a ping to C1 from that destination with the correct
markings. After doing this, return to R5 and view an extensive output for the interface facing the
internal routers.
• R5:
[edit firewall family inet filter voice]
lab@R5# top

Lab 9–6 • Class of Service Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp

[edit]
lab@R5# exit

Exiting configuration mode


lab@R5> show route advertising-protocol bgp 172.27.0.50 | match /32
* 2.2.2.2/32 Self 2 I
* 172.27.255.1/32 Self 2 I
* 172.27.255.2/32 Self 2 I
* 172.27.255.3/32 Self 1 I
* 172.27.255.4/32 Self 1 I

lab@R5> ssh lab@172.27.0.50


The authenticity of host '172.27.0.50 (172.27.0.50)' can't be established.
RSA key fingerprint is 0c:d7:22:f8:ae:60:7b:60:12:40:df:e2:b4:2f:d1:c7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.27.0.50' (RSA) to the list of known hosts.
lab@172.27.0.50's password:

--- JUNOS 10.3-20110523_pvt_predator_a.0 built 2011-05-23 04:17:01 UTC


lab@vrdevice> ping 172.27.255.4 routing-instance C1 tos 184 count 20 rapid
PING 172.27.255.4 (172.27.255.4): 56 data bytes
!!!!!!!!!!!!!!!!!!!!
--- 172.27.255.4 ping statistics ---
20 packets transmitted, 20 packets received, 0% packet loss
round-trip min/avg/max/stddev = 4.711/5.991/7.548/0.702 ms
lab@vrdevice> exit

lab@R5> show route 172.27.255.4

inet.0: 28 destinations, 29 routes (28 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

172.27.255.4/32 *[OSPF/10] 5d 23:09:18, metric 1


> to 172.27.0.21 via ge-0/0/2.0
...

lab@R5> show interfaces ge-0/0/2 extensive | find "Queue counters"


Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 133162 133162 0
1 expedited-fo 22 22 0
2 assured-forw 0 0 0
3 network-cont 158284 158284 0
...
As observed, the correct queue is populated with traffic on the outbound interface on R5.

www.juniper.net Class of Service Implementation and Troubleshooting • Lab 9–7


JNCIE Service Provider Bootcamp
Question: Why is the number 184 used in the ping command?

Answer: The ping command requires a decimal for the entire


length to the ToS byte. This is 8 bits instead of 6 bits
represented by DSCP. To find this number, you can convert 46,
which is EF in DSCP, to binary and add two zeros to the
right-most bits. For example, 101110 is 46 in binary; if you add
two zeroes to the end and convert it to decimal, it equals 184.

Note
Make sure you verify with the proctor if the
external device is accessible and if its using
a routing instance.

Note
To be more efficient when doing the ping
command, take advantage of the rapid
and count statements.

TASK 3
Configure a MF classifier name internet on R1:
• Match all traffic and place into the best effort queue and
mark as high loss drop profile; and
• Place this classifier on all traffic coming from the C2
router.
TASK INTERPRETATION
This task is very similar to the previous task with the additional requirement of marking the
packets with loss priority high.
Create a firewall filter named internet and place all the traffic in the best effort queue with
loss priority to high. Configure this filter as input on the interface facing the Customer 2
router. Because the term matches all traffic and uses the then forwarding-class
terminating action, no subsequent accept term is necessary.
TASK COMPLETION
• R1:
[edit class-of-service]
lab@R1# top edit firewall family inet filter internet

[edit firewall family inet filter internet]


lab@R1# set term 1 then forwarding-class best-effort

[edit firewall family inet filter internet]


lab@R1# set term 1 then loss-priority high

[edit firewall family inet filter internet]


lab@R1# top set interfaces ge-0/0/1.0 family inet filter input internet

Lab 9–8 • Class of Service Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
[edit firewall family inet filter internet]
lab@R1# commit

TASK VERIFICATION
As with the previous command, the easiest and most efficient way to verify this task is to simply
check the configuration and ensure everything is in place. This task is more complicated to
verify from an external device due to the fact that even without the firewall configured, all traffic
can go into the best-effort queue. If everything appears correctly when viewing the
configuration, it should satisfy this task.
Note
During the exam, we recommend you verify
the success of tasks when possible.
However, if time is a factor, priority should
be given to any unfinished tasks.

TASK 4
Configure a rewrite marker named jncie-rw on R5:
• Mark all traffic on the expedited-forwarding queue as DSCP
EF;
• Mark all traffic on the assured-forwarding queue as DSCP
AF21; and
• Place the rewrite on the interfaces facing R3 and R4.
TASK INTERPRETATION
The task is asking for a simple rewrite marker on traffic in the expedited forwarding and assured
forwarding queues. Create a DSCP rewrite marker named jncie-rw and match on the correct
markings, and apply it to the correct forwarding class. Apply this rewrite marker to the interfaces
facing the internal network. Utilize the copy and replace Junos commands to speed up the
configuration. Because the task does not specify on which loss-priority markings should be
matched, all of them are used at this time.

Note
During the exam, we recommend that you
over-configure rather than under-configure.
If a task does not explicitly mention a step,
and if the extra configuration does not
conflict with any other task in the exam, it is
a good idea to perform the additional
configuration steps.

TASK COMPLETION
• R5:
lab@R5> configure

Entering configuration mode


lab@R5# edit class-of-service rewrite-rules dscp jncie-rw

www.juniper.net Class of Service Implementation and Troubleshooting • Lab 9–9


JNCIE Service Provider Bootcamp

[edit class-of-service rewrite-rules dscp jncie-rw]


lab@R5# set forwarding-class expedited-forwarding loss-priority high code-point ef

[edit class-of-service rewrite-rules dscp jncie-rw]


lab@R5# set forwarding-class expedited-forwarding loss-priority low code-point ef

[edit class-of-service rewrite-rules dscp jncie-rw]


lab@R5# set forwarding-class expedited-forwarding loss-priority medium-high
code-point ef

[edit class-of-service rewrite-rules dscp jncie-rw]


lab@R5# set forwarding-class expedited-forwarding loss-priority medium-low
code-point ef

[edit class-of-service rewrite-rules dscp jncie-rw]


lab@R5# copy forwarding-class expedited-forwarding to forwarding-class
assured-forwarding

[edit class-of-service rewrite-rules dscp jncie-rw]


lab@R5# edit forwarding-class assured-forwarding

[edit class-of-service rewrite-rules dscp jncie-rw forwarding-class


assured-forwarding]
lab@R5# replace pattern ef with af21

[edit class-of-service rewrite-rules dscp jncie-rw forwarding-class


assured-forwarding]
lab@R5# up

[edit class-of-service rewrite-rules dscp jncie-rw]


lab@R5# show
forwarding-class expedited-forwarding {
loss-priority high code-point ef;
loss-priority low code-point ef;
loss-priority medium-high code-point ef;
loss-priority medium-low code-point ef;
}
forwarding-class assured-forwarding {
loss-priority high code-point af21;
loss-priority low code-point af21;
loss-priority medium-high code-point af21;
loss-priority medium-low code-point af21;
}
[edit class-of-service rewrite-rules dscp jncie-rw]
lab@R5# up 2

[edit class-of-service]
lab@R5# set interfaces ge-0/0/1 unit 0 rewrite-rules dscp jncie-rw

[edit class-of-service]
lab@R5# set interfaces ge-0/0/2 unit 0 rewrite-rules dscp jncie-rw

[edit class-of-service]
lab@R5# commit

Lab 9–10 • Class of Service Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp

TASK VERIFICATION
Remember that the rewrite of bits is an egress operation in Junos OS. Ensure that the correct
rewrite marker is applied by looking at the output of the show class-of-service
interface and the show class-of-service rewrite-rule type dscp
operational commands.
• R5:
[edit class-of-service]
lab@R5# run show class-of-service interface ge-0/0/1
Physical interface: ge-0/0/1, Index: 134
Queues supported: 8, Queues in use: 4
Scheduler map: <default>, Index: 2
Congestion-notification: Disabled

Logical interface: ge-0/0/1.0, Index: 72


Object Name Type Index
Rewrite jncie-rw dscp 56953
Rewrite exp-default exp (mpls-any) 33
Classifier exp-default exp 10
Classifier ipprec-compatibility ip 13

[edit class-of-service]
lab@R5# run show class-of-service rewrite-rule type dscp name jncie-rw
Rewrite rule: jncie-rw, Code point type: dscp, Index: 56953
Forwarding class Loss priority Code point
expedited-forwarding low 101110
expedited-forwarding high 101110
expedited-forwarding medium-low 101110
expedited-forwarding medium-high 101110
assured-forwarding low 010010
assured-forwarding high 010010
assured-forwarding medium-low 010010
assured-forwarding medium-high 010010
TASK 5
Configure a behavior aggregate classifier named jncie-ba on all ge
interfaces of R3 and R4:
• Place all traffic with inet-precedence 5 into the
expedited-forwarding queue; and
• Place all traffic with inet-precedence 3 into the
assured-forwarding queue.
TASK INTERPRETATION
As with a previous task, this task requires classification of traffic into different
forwarding-classes. However, this task is explicit in requiring the use of a behavior aggregate
classifier and use of inet-precedence. Because it is not explicit as to what the loss priority should
be, it is safe to use loss-priority low.
As with previous tasks, because no change occurs in the configuration from router to router,
take advantage of Notepad for copy and paste operations.

www.juniper.net Class of Service Implementation and Troubleshooting • Lab 9–11


JNCIE Service Provider Bootcamp
TASK COMPLETION
• R3 and R4:
[edit class-of-service]
lab@R4# edit classifiers inet-precedence jncie-ba

[edit class-of-service classifiers inet-precedence jncie-ba]


lab@R4# set forwarding-class expedited-forwarding loss-priority low code-points
101

[edit class-of-service classifiers inet-precedence jncie-ba]


lab@R4# set forwarding-class assured-forwarding loss-priority low code-points 011

[edit class-of-service classifiers inet-precedence jncie-ba]


lab@R4# up 2 set interfaces ge-* unit 0 classifiers inet-precedence jncie-ba

[edit class-of-service classifiers inet-precedence jncie-ba]


lab@R4# commit
TASK VERIFICATION
As with the previous classification task, there are a few approaches to confirm that classification
is working. The best way to ensure that classification is working properly is by pinging from an
upstream device to a downstream device. Referring to the topology, a ping with the correct set of
ToS bits is generated from R1 to the loopback address of R5 to check the classification on R3.
Likewise, a ping is generated from R2 to R5 to check the classification of R4. We recommend
that you clear the statistics on R3 and R4 to get a fresh set of counters to confirm the
classification.
• R3 and R4:
[edit class-of-service classifiers inet-precedence jncie-ba]
lab@R3# run clear interfaces statistics all

• R1 and R2:
[edit class-of-service]
lab@R1# run ping 172.27.255.5 rapid count 20 tos 160
PING 172.27.255.5 (172.27.255.5): 56 data bytes
!!!!!!!!!!!!!!!!!!!!
--- 172.27.255.5 ping statistics ---
20 packets transmitted, 20 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.308/4.660/7.511/1.103 ms

[edit class-of-service]
lab@R1# run ping 172.27.255.5 rapid count 20 tos 96
PING 172.27.255.5 (172.27.255.5): 56 data bytes
!!!!!!!!!!!!!!!!!!!!
--- 172.27.255.5 ping statistics ---
20 packets transmitted, 20 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.268/4.578/6.781/1.004 ms

• R3 and R4:
[edit class-of-service classifiers inet-precedence jncie-ba]
lab@R3# run show interfaces ge-0/0/3 extensive | find "Queue counter"

Lab 9–12 • Class of Service Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 30 30 0
1 expedited-fo 20 20 0
2 assured-forw 20 20 0
3 network-cont 34 34 0

[edit class-of-service classifiers inet-precedence jncie-ba]


lab@R4# run show interfaces ge-0/0/4 extensive | find "Queue counter"
Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 20 20 0
1 expedited-fo 20 20 0
2 assured-forw 20 20 0
3 network-cont 19 19 0
TASK 6
Configure a firewall named jncie-police on R3 and R4:
• Send any traffic marked as DSCP AF21 and exceeding 50 Mb to
the best effort queue and mark it as loss priority high;
• Send any traffic marked as DSCP EF and exceeding 100 Mb to
the best effort queue and mark it as loss priority low; and
• Apply the policer to the interfaces facing R5.
TASK INTERPRETATION
In this task, the requirement is to create a policer with an action to reclassify traffic if it exceeds
a certain rate. The task also requires matching on DSCP code points. Clearly, the only way to
complete this task is with a firewall filter matching on the DSCP code points with a then
policer action and applying the policer as input to the interface facing R5. This task does not
explicitly state the burst size setting, so to keep the task simple, set the burst size to 10 times
the MTU size of the interface.
TASK COMPLETION
• R3
[edit class-of-service classifiers inet-precedence jncie-ba]
lab@R3# top edit firewall

[edit firewall]
lab@R3# set policer ef if-exceeding bandwidth-limit 100m burst-size-limit 15000

[edit firewall]
lab@R3# set policer ef then forwarding-class best-effort

[edit firewall]
lab@R3# set policer ef then loss-priority low

[edit firewall]
lab@R3# copy policer ef to policer af21

[edit firewall]
lab@R3# edit policer af21

[edit firewall policer af21]

www.juniper.net Class of Service Implementation and Troubleshooting • Lab 9–13


JNCIE Service Provider Bootcamp
lab@R3# show
if-exceeding {
bandwidth-limit 100m;
burst-size-limit 15k;
}
then {
loss-priority low;
forwarding-class best-effort;
}

[edit firewall policer af21]


lab@R3# set if-exceeding bandwidth-limit 50m

[edit firewall policer af21]


lab@R3# set then loss-priority high

[edit firewall policer af21]


lab@R3# show
if-exceeding {
bandwidth-limit 50m;
burst-size-limit 15k;
}
then {
loss-priority high;
forwarding-class best-effort;
}

[edit firewall policer af21]


lab@R3# up

[edit firewall]
lab@R3# set family inet filter jncie-police term 1 from dscp af21

[edit firewall]
lab@R3# set family inet filter jncie-police term 1 then policer af21

[edit firewall]
lab@R3# set family inet filter jncie-police term 2 from dscp ef

[edit firewall]
lab@R3# set family inet filter jncie-police term 2 then policer ef

[edit firewall]
lab@R3# set family inet filter jncie-police term 3 then accept

[edit firewall]
lab@R3# top set interfaces ge-0/0/3.0 family inet filter input jncie-police

[edit firewall]
lab@R3# commit
• R4
[edit class-of-service classifiers inet-precedence jncie-ba]
lab@R4# top edit firewall

Lab 9–14 • Class of Service Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
[edit firewall]
lab@R4# set policer ef if-exceeding bandwidth-limit 100m burst-size-limit 15000

[edit firewall]
lab@R4# set policer ef then forwarding-class best-effort

[edit firewall]
lab@R4# set policer ef then loss-priority low

[edit firewall]
lab@R4# copy policer ef to policer af21

[edit firewall]
lab@R4# edit policer af21

[edit firewall policer af21]


lab@R4# show
if-exceeding {
bandwidth-limit 100m;
burst-size-limit 15k;
}
then {
loss-priority low;
forwarding-class best-effort;
}

[edit firewall policer af21]


lab@R4# set if-exceeding bandwidth-limit 50m

[edit firewall policer af21]


lab@R4# set then loss-priority high

[edit firewall policer af21]


lab@R4# show
if-exceeding {
bandwidth-limit 50m;
burst-size-limit 15k;
}
then {
loss-priority high;
forwarding-class best-effort;
}

[edit firewall policer af21]


lab@R4# up

[edit firewall]
lab@R4# set family inet filter jncie-police term 1 from dscp af21

[edit firewall]
lab@R4# set family inet filter jncie-police term 1 then policer af21

[edit firewall]
lab@R4# set family inet filter jncie-police term 2 from dscp ef

www.juniper.net Class of Service Implementation and Troubleshooting • Lab 9–15


JNCIE Service Provider Bootcamp
[edit firewall]
lab@R4# set family inet filter jncie-police term 2 then policer ef

[edit firewall]
lab@R4# set family inet filter jncie-police term 3 then accept

[edit firewall]
lab@R4# top set interfaces ge-0/0/4.0 family inet filter input jncie-police

[edit firewall]
lab@R4# commit

TASK VERIFICATION
During the exam, you cannot generate enough traffic to see if the filter is working properly.
Verification for this task can easily be done by double checking the configuration. Confirm that
the filter has the correct name and is applied to the right interface and remember to apply an
accept term to the filter.
TASK 7
Configure a behavior aggregate classifier on R2 named vpls-ba:
• Place all traffic marked with 802.1p number 5 on the
expedited forwarding queue; and
• Apply this classifier to the interface facing the VPLS CE1
device.
TASK INTERPRETATION
Refer to the topology diagram. This task is asking for another behavior aggregate, this time
based on 802.1p markings. A behavior aggregate named vpls-ba of type 802.1p must be
created that matches the number 5. The behavior aggregate must be placed on the interface
facing the VPLS CE1 device. As with the previous classifiers, if a loss priority marking is not
provided, loss-priority low can be used.
TASK COMPLETION
• R2:
[edit class-of-service]
lab@R2# edit classifiers ieee-802.1 vpls-ba

[edit class-of-service classifiers ieee-802.1 vpls-ba]


lab@R2# set forwarding-class expedited-forwarding loss-priority low code-points
101

[edit class-of-service classifiers ieee-802.1 vpls-ba]


lab@R2# up 2 set interfaces ge-0/0/3 unit 0 classifiers ieee-802.1 vpls-ba

[edit class-of-service classifiers ieee-802.1 vpls-ba]


lab@R2# commit

Lab 9–16 • Class of Service Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
TASK VERIFICATION
The use of VPLS in the topology might be intimidating for CoS operations, but the configuration
is very similar to that of the other possible ToS markings. If time allows and you have access to
the VPLS CEs, matching on 802.1p markings of zero and placing into the expedited-forwarding
queue can confirm that the configuration is correct. After adding the configuration, log in to the
VPLS CE and generate a ping to the other CE device. The expedited-forwarding queue counter on
the interface facing the core should increment due to the ping.
The VR-device has both VPLS CE devices in different routing instances. The name of the VPLS
routing-instances is VPLS-CE1 and VPLS-CE2. Find the IP addresses for the VPLS interfaces and
generate a ping.
• R2:
[edit class-of-service classifiers ieee-802.1 vpls-ba]
lab@R2# set forwarding-class expedited-forwarding loss-priority low code-points
000

[edit class-of-service classifiers ieee-802.1 vpls-ba]


lab@R2# commit

[edit class-of-service classifiers ieee-802.1 vpls-ba]


lab@R2# run clear interfaces statistics all

• VR-device:
lab@vrdevice> show route table VPLS-CE protocol local terse

VPLS-CE1.inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

A Destination P Prf Metric 1 Metric 2 Next hop AS path


* 192.168.1.1/32 L 0 Local

VPLS-CE2.inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

A Destination P Prf Metric 1 Metric 2 Next hop AS path


* 192.168.1.3/32 L 0 Local

lab@vrdevice> ping 192.168.1.3 routing-instance VPLS-CE1 rapid count 100


PING 192.168.1.3 (192.168.1.3): 56 data bytes
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!
...
• R2:
[edit class-of-service classifiers ieee-802.1 vpls-ba]
lab@R2# run show interfaces ge-0/0/4 extensive | find "Queue counter"
Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 179 179 0
1 expedited-fo 100 100 0
2 assured-forw 0 0 0
3 network-cont 178 178 0
...

www.juniper.net Class of Service Implementation and Troubleshooting • Lab 9–17


JNCIE Service Provider Bootcamp
R2 is queueing the packets into the expedited forwarding properly, the same should be expected
of traffic with a 802.1p marking of 5. As mentioned earlier, any extra configuration if not explicitly
disallowed should be okay to use, if there is any doubt ask the proctor.
TASK 8
Configure a rewrite marker named vpls-rw on R2 and mark all traffic
in the expedited queue to EXP 5.
TASK INTERPRETATION
Similar to a previous task, this task is requiring the use of rewrite marker for traffic in particular
forwarding-class. The same steps as previously shown should be used to configure the rewrite
marker, one difference is that you must apply this to the MPLS EXP markings.
TASK COMPLETION
[edit class-of-service classifiers ieee-802.1 vpls-ba]
lab@R2# up 2 edit rewrite-rules exp vpls-rw

[edit class-of-service rewrite-rules exp vpls-rw]


lab@R2# set forwarding-class expedited-forwarding loss-priority low code-point 101

[edit class-of-service rewrite-rules exp vpls-rw]


lab@R2# up 2 set interfaces ge-0/0/4 unit 0 rewrite-rules exp vpls-rw

[edit class-of-service rewrite-rules exp vpls-rw]


lab@R2# commit
TASK VERIFICATION
After checking the configuration, if time allows for more verification, a family MPLS filter can be
created on the downstream router with a counter to make sure the bits are written correctly.
From the perspective of R2, the next-hop router to the VPLS PE is R4. On R4, a filter is created to
count exp 5 packets. Generate a ping from the CE device and make sure that the configuration
on R2 places packets with priority bit zero into the expedited forwarding queue, as done in the
previous verification step.
• R4:
[edit firewall]
lab@R4# top edit firewall family mpls filter count

[edit firewall family mpls filter count]


lab@R4# set term 1 from exp 5

[edit firewall family mpls filter count]


lab@R4# set term 1 then count fromR2

[edit firewall family mpls filter count]


lab@R4# set term 1 then accept

[edit firewall family mpls filter count]


lab@R4# set term 2 then accept

[edit firewall family mpls filter count]


lab@R4# top set interfaces ge-0/0/1.0 family mpls filter input count

Lab 9–18 • Class of Service Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
[edit firewall family mpls filter count]
lab@R4# commit
• VR-device VPLS CE1:
lab@vrdevice> ping 192.168.1.3 routing-instance VPLS-CE1 rapid count 100
PING 192.168.1.3 (192.168.1.3): 56 data bytes
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!
...
• R4:
[edit firewall family mpls filter count]
lab@R4# run show firewall
...
Filter: count
Counters:
Name Bytes Packets
fromR2 11054 101

STOP Tell your instructor that you have completed this lab.

www.juniper.net Class of Service Implementation and Troubleshooting • Lab 9–19


JNCIE Service Provider Bootcamp

Lab 9–20 • Class of Service Implementation and Troubleshooting www.juniper.net


Lab
MPLS Implementation and Troubleshooting

Overview
In this lab, you will be given a list of tasks specific to implementing and troubleshooting MPLS
which you will need to accomplish within a specific time frame. You will have 1.5 hours to
complete the simulation.
By completing this lab, you will perform the following tasks:
• Configure the RSVP LSPs, defined in the LSP tables, through your network and
ensure all LSPs are up and functional.
• R2 is not allowed to run RSVP to signal its LSPs. You must route between R2 and R5
using a LSP. You must also ensure that the failure of any transit router does not
prevent the exchange of labels between R2 and R5. LDP is prohibited on R3.
• Ensure that the r1-to-r5 LSP has two unique paths. The primary path should
traverse R4 while the secondary path should use a different path and be signaled
and ready for use.
• Configure the administrative groups defined in the Admin table on all RSVP routers.
Apply these administrative groups to the appropriate links as illustrated on the lab
diagram. Ensure that the r3-to-r4 LSP avoids the R3-R4 link.
• Configure the r5-to-r1 LSP to reserve 450 Mbps of bandwidth across the
network.
• Create a bypass to improve convergence time for the r5-to-r1 LSP in the event of
a R4-R1 link failure. Ensure bandwidth reservation is honored and the best available
path is chosen.
• Ensure that all MPLS packets that transit the R1-R4 link are load balanced across
both member links of the aggregated Ethernet bundle. The contents of the outer
label as well as the IP packet should be used by the load balancing algorithm.
• Ensure that the entire core MPLS network appears as two hops for any transit traffic.

www.juniper.net MPLS Implementation and Troubleshooting • Lab 10–1


JNCIE Service Provider Bootcamp

Configuring LSPs
In this lab part, you will log in to your assigned routers and configure the label-switched paths
(LSPs) required to transport traffic through your core network. You must ensure all LSPs are
created within the guidelines defined by the tasks in this lab.

We recommend that you spend some time


investigating the current operation of your
routers. During the real exam, you might be
given routers that are operating
inefficiently. Investigating operating issues
now might save you a lot of time
troubleshooting strange issues later.

INITIAL TASK
Access the CLI for your routers using either the console, Telnet, or SSH as directed by your
instructor. Refer to the management network diagram for the IP address associated with your
devices. Log in as user lab with the password lab123.
TASK COMPLETION
• R1:
R1 (ttyd0)

login: lab
Password:

--- JanOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC


lab@R1>
• R2:
R2 (ttyd0)

login: lab
Password:

--- JanOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC


lab@R2>
• R3:
R3 (ttyd0)

login: lab
Password:

--- JanOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC


lab@R3>
• R4:
R4 (ttyd0)

Lab 10–2 • MPLS Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
login: lab
Password:

--- JanOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC


lab@R4>
• R5:
R5 (ttyd0)

login: lab
Password:

--- JanOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC


lab@R5>
• VR-device:
vr-device (ttyd0)

login: lab
Password:

--- JanOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC


lab@vr-device>

TASK 1
Configure the LSPs, defined in the following LSP tables, through
your network and ensure all LSPs are up and functional.
Note
We recommend that you include the
configuration steps for the third task while
you are configuring the first task. This
approach will save you time and effort as
you move through the tasks of this lab.

The third task states:


Ensure that the r1-to-r5 LSP has two unique paths. The primary path
should traverse R4 while the secondary path should use a different
path and be signaled and ready for use.

R1

LSP name Egress address


r1-to-r3 172.27.255.3
r1-to-r4 172.27.255.4
r1-to-r5 172.27.255.5

www.juniper.net MPLS Implementation and Troubleshooting • Lab 10–3


JNCIE Service Provider Bootcamp

R3

LSP name Egress address


r3-to-r1 172.27.255.1
r3-to-r4 172.27.255.4
r3-to-r5 172.27.255.5

R4

LSP name Egress address


r4-to-r1 172.27.255.1
r4-to-r3 172.27.255.3
r4-to-r5 172.27.255.5

R5

LSP name Egress address


r5-to-r1 172.27.255.1
r5-to-r3 172.27.255.3
r5-to-r4 172.27.255.4

TASK INTERPRETATION
The task appears to be a simple one and in some aspects it is. The difficult part of this task is
ensuring you properly configure each LSP and keep track of the LSPs you have configured.
A good way to track your progress is to check off each LSP as you configure them. This ensures
you do not overlook creating one of the LSPs, because the failure to configure any portion of the
task, results in the loss of points for the entire task. Another aspect of this task to keep in mind
is that the LSPs must be defined exactly as shown on the LSP tables.
In this task, you configure standard individual RSVP LSPs, but looking ahead to the third task,
you know that for the LSP from R1 to R5 there are additional constraints that we need to
configure. Therefore, it makes good sense while configuring the LSP from R1 to R5 that you
combine these actions into a single configuration task. The third task requires that you configure
two unique paths to be applied to the LSP you configured to egress on R5. There is also a
requirement for the second path to be signaled and ready for use. This is accomplished by using
the standby option when creating the secondary path.

Lab 10–4 • MPLS Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
TASK COMPLETION
• R1:
lab@R1> configure
Entering configuration mode

[edit]
lab@R1# set protocols rsvp interface ae0

[edit]
lab@R1# set protocols rsvp interface ge-0/0/6

[edit]
lab@R1# edit protocols mpls

[edit protocols mpls]


lab@R1# set interface all

[edit protocols mpls]


lab@R1# set label-switched-path r1-to-r3 to 172.27.255.3

[edit protocols mpls]


lab@R1# set label-switched-path r1-to-r4 to 172.27.255.4

[edit protocols mpls]


lab@R1# set path path-1 172.27.0.9 strict

[edit protocols mpls]


lab@R1# set path path-2 172.27.0.13 strict

[edit protocols mpls]


lab@R1# set label-switched-path r1-to-r5 to 172.27.255.5

[edit protocols mpls]


lab@R1# set label-switched-path r1-to-r5 primary path-1

[edit protocols mpls]


lab@R1# set label-switched-path r1-to-r5 secondary path-2 standby

[edit protocols mpls]


lab@R1# show
label-switched-path r1-to-r3 {
to 172.27.255.3;
}
label-switched-path r1-to-r4 {
to 172.27.255.4;
}
label-switched-path r1-to-r5 {
to 172.27.255.5;
primary path-1;
secondary path-2 {
standby;
}
}

www.juniper.net MPLS Implementation and Troubleshooting • Lab 10–5


JNCIE Service Provider Bootcamp
path path-1 {
172.27.0.9 strict;
}
path path-2 {
172.27.0.13 strict;
}
interface all;

[edit protocols mpls]


lab@R1# commit and-quit

commit complete
Exiting configuration mode

lab@R1>
• R3:
lab@R3> configure
Entering configuration mode

[edit]
lab@R3# set protocols rsvp interface all

[edit]
lab@R3# edit protocols mpls

[edit protocols mpls]


lab@R3# set interface all

[edit protocols mpls]


lab@R3# set label-switched-path r3-to-r1 to 172.27.255.1

[edit protocols mpls]


lab@R3# set label-switched-path r3-to-r4 to 172.27.255.4

[edit protocols mpls]


lab@R3# set label-switched-path r3-to-r5 to 172.27.255.5

[edit protocols mpls]


lab@R3# show
label-switched-path r3-to-r1 {
to 172.27.255.1;
}
label-switched-path r3-to-r4 {
to 172.27.255.4;
}
label-switched-path r3-to-r5 {
to 172.27.255.5;
}
interface all;

[edit protocols mpls]


lab@R3# commit and-quit

commit complete

Lab 10–6 • MPLS Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
Exiting configuration mode

lab@R3>
• R4:
lab@R4> configure
Entering configuration mode

[edit]
lab@R4# set protocols rsvp interface ae0

[edit]
lab@R4# set protocols rsvp interface ge-0/0/4

[edit]
lab@R4# set protocols rsvp interface ge-0/0/5

[edit]
lab@R4# edit protocols mpls

[edit protocols mpls]


lab@R4# set interface all

[edit protocols mpls]


lab@R4# set label-switched-path r4-to-r1 to 172.27.255.1

[edit protocols mpls]


lab@R4# set label-switched-path r4-to-r3 to 172.27.255.3

[edit protocols mpls]


lab@R4# set label-switched-path r4-to-r5 to 172.27.255.5

[edit protocols mpls]


lab@R4# show
label-switched-path r4-to-r1 {
to 172.27.255.1;
}
label-switched-path r4-to-r3 {
to 172.27.255.3;
}
label-switched-path r4-to-r5 {
to 172.27.255.5;
}
interface all;

[edit protocols mpls]


lab@R4# commit and-quit

commit complete
Exiting configuration mode

lab@R4>

www.juniper.net MPLS Implementation and Troubleshooting • Lab 10–7


JNCIE Service Provider Bootcamp
• R5:
lab@R5> configure
Entering configuration mode

[edit]
lab@R5# set protocols rsvp interface all

[edit]
lab@R5# edit protocols mpls

[edit protocols mpls]


lab@R5# set interface all

[edit protocols mpls]


lab@R5# set label-switched-path r5-to-r1 to 172.27.255.1

[edit protocols mpls]


lab@R5# set label-switched-path r5-to-r3 to 172.27.255.3

[edit protocols mpls]


lab@R5# set label-switched-path r5-to-r4 to 172.27.255.4

[edit protocols mpls]


lab@R5# show
label-switched-path r5-to-r1 {
to 172.27.255.1;
}
label-switched-path r5-to-r3 {
to 172.27.255.3;
}
label-switched-path r5-to-r4 {
to 172.27.255.4;
}
interface all;

[edit protocols mpls]


lab@R5# commit and-quit

commit complete
Exiting configuration mode

lab@R5>
TASK VERIFICATION
Begin your verification by reviewing the status of your LSPs from the perspective of R1. If
everything is functioning well, move through the rest of the routers on which you configured
LSPs.
• R1:
lab@R1> show mpls lsp
Ingress LSP: 3 sessions
To From State Rt P ActivePath LSPname
172.27.255.3 0.0.0.0 Dn 0 - r1-to-r3
172.27.255.4 0.0.0.0 Dn 0 - r1-to-r4

Lab 10–8 • MPLS Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
172.27.255.5 0.0.0.0 Dn 0 - r1-to-r5
Total 3 displayed, Up 0, Down 3

Egress LSP: 0 sessions


Total 0 displayed, Up 0, Down 0

Transit LSP: 0 sessions


Total 0 displayed, Up 0, Down 0

lab@R1> show mpls lsp extensive


Ingress LSP: 3 sessions

172.27.255.3
From: 0.0.0.0, State: Dn, ActiveRoute: 0, LSPname: r1-to-r3
ActivePath: (none)
LSPtype: Static Configured, Penultimate hop popping
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
Primary State: Dn
Priorities: 7 0
SmartOptimizeTimer: 180
No computed ERO.
Created: Thu Jan 29 11:30:17 2015

172.27.255.4
From: 0.0.0.0, State: Dn, ActiveRoute: 0, LSPname: r1-to-r4
ActivePath: (none)
LSPtype: Static Configured, Penultimate hop popping
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
Primary State: Dn
Priorities: 7 0
SmartOptimizeTimer: 180
No computed ERO.
Created: Thu Jan 29 11:30:17 2015

172.27.255.5
From: 0.0.0.0, State: Dn, ActiveRoute: 0, LSPname: r1-to-r5
ActivePath: (none)
LSPtype: Static Configured, Penultimate hop popping
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
Primary path-1 State: Dn
Priorities: 7 0
SmartOptimizeTimer: 180
No computed ERO.
Standby path-2 State: Dn
Priorities: 7 0
SmartOptimizeTimer: 180
No computed ERO.
Created: Thu Jan 29 11:30:17 2015
Total 3 displayed, Up 0, Down 3

Egress LSP: 0 sessions


Total 0 displayed, Up 0, Down 0

www.juniper.net MPLS Implementation and Troubleshooting • Lab 10–9


JNCIE Service Provider Bootcamp

Transit LSP: 0 sessions


Total 0 displayed, Up 0, Down 0

lab@R1> show mpls interface

lab@R1>

Question: What is the State of your LSPs?

Answer: At this point the LSPs should all show Dn.

Question: Using the previous outputs from R1, why are the LSPs
down?

Answer: The answer lies with the last command that was
executed. No interfaces are participating in MPLS.

TASK CORRECTION
To correct the issue you have to enable family mpls on all interfaces that will be participating
in your MPLS network.
• R1:
lab@R1> configure
Entering configuration mode

[edit]
lab@R1# edit interfaces

[edit interfaces]
lab@R1# set ae0 unit 0 family mpls

[edit interfaces]
lab@R1# set ge-0/0/6 unit 0 family mpls

[edit interfaces]
lab@R1# commit and-quit

commit complete
Exiting configuration mode

lab@R1>
• R3:
lab@R3> configure
Entering configuration mode

Lab 10–10 • MPLS Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
[edit]
lab@R3# edit interfaces

[edit interfaces]
lab@R3# set ge-0/0/1 unit 0 family mpls

[edit interfaces]
lab@R3# set ge-0/0/2 unit 0 family mpls

[edit interfaces]
lab@R3# set ge-0/0/3 unit 0 family mpls

[edit interfaces]
lab@R3# commit and-quit

commit complete
Exiting configuration mode

lab@R3>
• R4:

lab@R4> configure
Entering configuration mode

[edit]
lab@R4# edit interfaces

[edit interfaces]
lab@R4# set ae0 unit 0 family mpls

[edit interfaces]
lab@R4# set ge-0/0/4 unit 0 family mpls

[edit interfaces]
lab@R4# set ge-0/0/5 unit 0 family mpls

[edit interfaces]
lab@R4# commit and-quit

commit complete
Exiting configuration mode

lab@R4>
• R5:
lab@R5> configure
Entering configuration mode

[edit]
lab@R5# edit interfaces

[edit interfaces]
lab@R5# set ge-0/0/1 unit 0 family mpls

www.juniper.net MPLS Implementation and Troubleshooting • Lab 10–11


JNCIE Service Provider Bootcamp
[edit interfaces]
lab@R5# set ge-0/0/2 unit 0 family mpls

[edit interfaces]
lab@R5# commit and-quit

commit complete
Exiting configuration mode

lab@R5>
Now that you have added the protocol family to the correct interfaces, you must review the state
of your LSPs. Begin with one router and then progress through the rest of the routers on which
you configured LSPs.
• R1:
lab@R1> show mpls lsp
Ingress LSP: 3 sessions
To From State Rt P ActivePath LSPname
172.27.255.3 172.27.255.1 Up 10 * r1-to-r3
172.27.255.4 172.27.255.1 Up 0 * r1-to-r4
172.27.255.5 172.27.255.1 Up 10 * path-1 r1-to-r5
Total 3 displayed, Up 3, Down 0

Egress LSP: 3 sessions


To From State Rt Style Labelin Labelout LSPname
172.27.255.1 172.27.255.4 Up 0 1 FF 3 - r4-to-r1
172.27.255.1 172.27.255.3 Up 0 1 FF 3 - r3-to-r1
172.27.255.1 172.27.255.5 Up 0 1 FF 3 - r5-to-r1
Total 3 displayed, Up 3, Down 0

Transit LSP: 0 sessions


Total 0 displayed, Up 0, Down 0

Question: What is the State of your LSPs?

Answer: You should see that all your LSPs are Up and
functioning correctly. If you do not see all LSPs up, you can wait
a few minutes and try again. If they do not, please review your
changes and ask your instructor for help.

• R3:
lab@R3> show mpls lsp
Ingress LSP: 3 sessions
To From State Rt P ActivePath LSPname
172.27.255.1 172.27.255.3 Up 10 * r3-to-r1
172.27.255.4 172.27.255.3 Up 0 * r3-to-r4
172.27.255.5 172.27.255.3 Up 10 * r3-to-r5
Total 3 displayed, Up 3, Down 0

Egress LSP: 3 sessions

Lab 10–12 • MPLS Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
To From State Rt Style Labelin Labelout LSPname
172.27.255.3 172.27.255.4 Up 0 1 FF 3 - r4-to-r3
172.27.255.3 172.27.255.5 Up 0 1 FF 3 - r5-to-r3
172.27.255.3 172.27.255.1 Up 0 1 FF 3 - r1-to-r3
Total 3 displayed, Up 3, Down 0

Transit LSP: 1 sessions


To From State Rt Style Labelin Labelout LSPname
172.27.255.5 172.27.255.1 Up 1 1 FF 299776 3 r1-to-r5
Total 1 displayed, Up 1, Down 0

• R4:
lab@R4> show mpls lsp
Ingress LSP: 3 sessions
To From State Rt P ActivePath LSPname
172.27.255.1 172.27.255.4 Up 10 * r4-to-r1
172.27.255.3 172.27.255.4 Up 10 * r4-to-r3
172.27.255.5 172.27.255.4 Up 10 * r4-to-r5
Total 3 displayed, Up 3, Down 0

Egress LSP: 3 sessions


To From State Rt Style Labelin Labelout LSPname
172.27.255.4 172.27.255.5 Up 0 1 FF 3 - r5-to-r4
172.27.255.4 172.27.255.3 Up 0 1 FF 3 - r3-to-r4
172.27.255.4 172.27.255.1 Up 0 1 FF 3 - r1-to-r4
Total 3 displayed, Up 3, Down 0

Transit LSP: 2 sessions


To From State Rt Style Labelin Labelout LSPname
172.27.255.1 172.27.255.5 Up 1 1 FF 299792 3 r5-to-r1
172.27.255.5 172.27.255.1 Up 1 1 FF 299776 3 r1-to-r5
Total 2 displayed, Up 2, Down 0

• R5:
lab@R5> show mpls lsp
Ingress LSP: 3 sessions
To From State Rt P ActivePath LSPname
172.27.255.1 172.27.255.5 Up 10 * r5-to-r1
172.27.255.3 172.27.255.5 Up 10 * r5-to-r3
172.27.255.4 172.27.255.5 Up 0 * r5-to-r4
Total 3 displayed, Up 3, Down 0

Egress LSP: 4 sessions


To From State Rt Style Labelin Labelout LSPname
172.27.255.5 172.27.255.4 Up 0 1 FF 3 - r4-to-r5
172.27.255.5 172.27.255.3 Up 0 1 FF 3 - r3-to-r5
172.27.255.5 172.27.255.1 Up 0 1 FF 3 - r1-to-r5
172.27.255.5 172.27.255.1 Up 0 1 FF 3 - r1-to-r5
Total 4 displayed, Up 4, Down 0

Transit LSP: 0 sessions


Total 0 displayed, Up 0, Down 0

www.juniper.net MPLS Implementation and Troubleshooting • Lab 10–13


JNCIE Service Provider Bootcamp
Question: What is the State of your LSPs?

Answer: You should see that all you LSPs are Up and functioning
correctly.

TASK 2
R2 is not allowed to run RSVP to signal its LSPs. You must route
between R2 and R5 using a LSP. You must also ensure that the failure
of any transit router does not prevent the exchange of labels
between R2 and R5. LDP is prohibited on R3.
TASK INTERPRETATION
The task is telling you that you must configure LDP to signal LSPs, in addition to the RSVP LSPs.
As the task indicates, you are not allowed to run LDP on R3 and you must ensure redundancy.
To meet the requirements of this task, you must configure LDP tunneling through your RSVP LSP
network. You configure LDP tunneling for the LSPs from both R1 and R4 that terminate on R5.
This ensures that labels are still exchanged from R2 to R5 if there is a failure of any transit
device through the RSVP network.
TASK COMPLETION
• R1:
lab@R1> configure
Entering configuration mode

[edit]
lab@R1# edit interfaces

[edit interfaces]
lab@R1# set ge-0/0/3 unit 0 family mpls

[edit interfaces]
lab@R1# top

[edit]
lab@R1# set protocols ldp interface ge-0/0/3

[edit]
lab@R1# set protocols ldp interface lo0

[edit]
lab@R1# set protocols mpls label-switched-path r1-to-r5 ldp-tunneling

[edit]
lab@R1# commit and-quit

commit complete
Exiting configuration mode

lab@R1>

Lab 10–14 • MPLS Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
• R2:
lab@R2> configure
Entering configuration mode

[edit]
lab@R2# edit interfaces

[edit interfaces]
lab@R2# set ge-0/0/1 unit 0 family mpls

[edit interfaces]
lab@R2# set ge-0/0/4 unit 0 family mpls

[edit interfaces]
lab@R2# top

[edit]
lab@R2# set protocols ldp interface all

[edit]
lab@R2# commit and-quit

commit complete
Exiting configuration mode

lab@R2>
• R4:
lab@R4> configure
Entering configuration mode

[edit]
lab@R4# set interfaces ge-0/0/1 unit 0 family mpls

[edit]
lab@R4# set protocols ldp interface lo0

[edit]
lab@R4# set protocols ldp interface ge-0/0/1

[edit]
lab@R4# set protocols mpls label-switched-path r4-to-r5 ldp-tunneling

[edit]
lab@R4# commit and-quit

commit complete
Exiting configuration mode

lab@R4>
• R5:
lab@R5> configure
Entering configuration mode

www.juniper.net MPLS Implementation and Troubleshooting • Lab 10–15


JNCIE Service Provider Bootcamp

[edit]
lab@R5# set protocols ldp interface lo0

[edit]
lab@R5# set protocols mpls label-switched-path r5-to-r1 ldp-tunneling

[edit]
lab@R5# set protocols mpls label-switched-path r5-to-r4 ldp-tunneling

[edit]
lab@R5# commit and-quit

commit complete
Exiting configuration mode

lab@R5>
TASK VERIFICATION
Begin your verification by reviewing the status of your LSPs from the perspective of R1. If
everything is functioning well, move on through the rest of the routers on which you configured
LDP.
• R1:
lab@R1> show ldp interface
Interface Label space ID Nbr count Next hello
ge-0/0/3.0 172.27.255.1:0 1 4
lo0.0 172.27.255.1:0 1 0

lab@R1> show ldp neighbor


Address Interface Label space ID Hold time
172.27.0.2 ge-0/0/3.0 172.27.255.2:0 12
172.27.255.5 lo0.0 172.27.255.5:0 33

lab@R1> show ldp session


Address State Connection Hold time Adv. Mode
172.27.255.2 Operational Open 26 DU
172.27.255.5 Operational Open 26 DU

• R2:
lab@R2> show ldp interface
Interface Label space ID Nbr count Next hello
lo0.0 172.27.255.2:0 0 0
ge-0/0/1.0 172.27.255.2:0 1 4
ge-0/0/4.0 172.27.255.2:0 1 2

lab@R2> show ldp neighbor


Address Interface Label space ID Hold time
172.27.0.1 ge-0/0/1.0 172.27.255.1:0 14
172.27.0.6 ge-0/0/4.0 172.27.255.4:0 13

Lab 10–16 • MPLS Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
lab@R2> show ldp session
Address State Connection Hold time Adv. Mode
172.27.255.1 Operational Open 21 DU
172.27.255.4 Operational Open 21 DU

• R4:
lab@R4> show ldp interface
Interface Label space ID Nbr count Next hello
lo0.0 172.27.255.4:0 1 0
ge-0/0/1.0 172.27.255.4:0 1 2

lab@R4> show ldp neighbor


Address Interface Label space ID Hold time
172.27.255.5 lo0.0 172.27.255.5:0 42
172.27.0.5 ge-0/0/1.0 172.27.255.2:0 13

lab@R4> show ldp session


Address State Connection Hold time Adv. Mode
172.27.255.2 Operational Open 28 DU
172.27.255.5 Operational Open 28 DU

• R5:
lab@R5> show ldp interface
Interface Label space ID Nbr count Next hello
lo0.0 172.27.255.5:0 2 0

lab@R5> show ldp neighbor


Address Interface Label space ID Hold time
172.27.255.1 lo0.0 172.27.255.1:0 35
172.27.255.4 lo0.0 172.27.255.4:0 38

lab@R5> show ldp session


Address State Connection Hold time Adv. Mode
172.27.255.1 Operational Open 28 DU
172.27.255.4 Operational Open 28 DU

Question: What is the State of your LDP sessions?

Answer: At this point all you LDP sessions should show


Operational.

Question: Do you see the correct interfaces participating in LDP


on each router?

Answer: Yes, if you added the MPLS family to the interface


configuration as well as added the correct interfaces to LDP.

www.juniper.net MPLS Implementation and Troubleshooting • Lab 10–17


JNCIE Service Provider Bootcamp
TASK 3
Ensure that the r1-to-r5 LSP has two unique paths. The primary path
should traverse R4 while the secondary path should use a different
path and be signaled and ready for use.
Note
We recommended that you include the
configuration steps for the third task while
you were configuring the first task. If you
decided not to include the third task then,
now is the time to complete this task.

TASK INTERPRETATION
If you followed the instructions in the first task, you have already completed this task. If you did
not include this task when you configured your RSVP LSPs then you should complete this task
now. You can refer to the detailed steps outlined in the first task to complete this third task.
TASK 4
Configure the administrative groups, defined in the Admin Groups
table, on all RSVP routers. Apply these administrative groups to the
appropriate links as illustrated on the lab diagram. Ensure that the
r3-to-r4 LSP avoids the R3-R4 link.

Admin Groups

plat 1
gold 2
silver 3
bronze 4

TASK INTERPRETATION
This task requires you to configure the administrative groups defined in the table. Apply these
groups to the appropriate links and ensure that you apply the additional constraints to the
defined LSP r3-to-r4 by excluding the bronze admin group.
TASK COMPLETION
• R1:
lab@R1> configure
Entering configuration mode

[edit]
lab@R1# edit protocols mpls

[edit protocols mpls]


lab@R1# set admin-groups plat 1

[edit protocols mpls]


lab@R1# set admin-groups gold 2

Lab 10–18 • MPLS Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
[edit protocols mpls]
lab@R1# set admin-groups silver 3

[edit protocols mpls]


lab@R1# set admin-groups bronze 4

[edit protocols mpls]


lab@R1# set interface ae0 admin-group plat

[edit protocols mpls]


lab@R1# set interface ge-0/0/6 admin-group gold

[edit protocols mpls]


lab@R1# show
admin-groups {
plat 1;
gold 2;
silver 3;
bronze 4;
}
label-switched-path r1-to-r3 {
to 172.27.255.3;
}
label-switched-path r1-to-r4 {
to 172.27.255.4;
}
label-switched-path r1-to-r5 {
to 172.27.255.5;
ldp-tunneling;
primary path-1;
secondary path-2 {
standby;
}
}
path path-1 {
172.27.0.9 strict;
}
path path-2 {
172.27.0.13 strict;
}
interface all;
interface ae0.0 {
admin-group plat;
}
interface ge-0/0/6.0 {
admin-group gold;
}

[edit protocols mpls]


lab@R1# commit and-quit

commit complete
Exiting configuration mode

lab@R1>

www.juniper.net MPLS Implementation and Troubleshooting • Lab 10–19


JNCIE Service Provider Bootcamp
• R3:
lab@R3> configure
Entering configuration mode

[edit]
lab@R3# edit protocols mpls

[edit protocols mpls]


lab@R3# set admin-groups plat 1

[edit protocols mpls]


lab@R3# set admin-groups gold 2

[edit protocols mpls]


lab@R3# set admin-groups silver 3

[edit protocols mpls]


lab@R3# set admin-groups bronze 4

[edit protocols mpls]


lab@R3# set interface ge-0/0/1 admin-group gold

[edit protocols mpls]


lab@R3# set interface ge-0/0/2 admin-group bronze

[edit protocols mpls]


lab@R3# set interface ge-0/0/3 admin-group plat

[edit protocols mpls]


lab@R3# set label-switched-path r3-to-r4 admin-group exclude bronze

[edit protocols mpls]


lab@R3# show
admin-groups {
plat 1;
gold 2;
silver 3;
bronze 4;
}
label-switched-path r3-to-r1 {
to 172.27.255.1;
}
label-switched-path r3-to-r4 {
to 172.27.255.4;
admin-group exclude bronze;
}
label-switched-path r3-to-r5 {
to 172.27.255.5;
}
interface all;
interface ge-0/0/1.0 {
admin-group gold;
}

Lab 10–20 • MPLS Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
interface ge-0/0/2.0 {
admin-group bronze;
}
interface ge-0/0/3.0 {
admin-group plat;
}

[edit protocols mpls]


lab@R3# commit and-quit

commit complete
Exiting configuration mode

lab@R3>
• R4:
lab@R4> configure
Entering configuration mode

[edit]
lab@R4# edit protocols mpls

[edit protocols mpls]


lab@R4# set admin-groups plat 1

[edit protocols mpls]


lab@R4# set admin-groups gold 2

[edit protocols mpls]


lab@R4# set admin-groups silver 3

[edit protocols mpls]


lab@R4# set admin-groups bronze 4

[edit protocols mpls]


lab@R4# set interface ae0 admin-group plat

[edit protocols mpls]


lab@R4# set interface ge-0/0/4 admin-group gold

[edit protocols mpls]


lab@R4# set interface ge-0/0/5 admin-group bronze

[edit protocols mpls]


lab@R4# show
admin-groups {
plat 1;
gold 2;
silver 3;
bronze 4;
}
label-switched-path r4-to-r1 {
to 172.27.255.1;
}

www.juniper.net MPLS Implementation and Troubleshooting • Lab 10–21


JNCIE Service Provider Bootcamp
label-switched-path r4-to-r3 {
to 172.27.255.3;
}
label-switched-path r4-to-r5 {
to 172.27.255.5;
ldp-tunneling;
}
interface all;
interface ae0.0 {
admin-group plat;
}
interface ge-0/0/4.0 {
admin-group gold;
}
interface ge-0/0/5.0 {
admin-group bronze;
}

[edit protocols mpls]


lab@R4# commit and-quit

commit complete
Exiting configuration mode

lab@R4>
• R5:
lab@R5> configure
Entering configuration mode

[edit]
lab@R5# edit protocols mpls

[edit protocols mpls]


lab@R5# set admin-groups plat 1

[edit protocols mpls]


lab@R5# set admin-groups gold 2

[edit protocols mpls]


lab@R5# set admin-groups silver 3

[edit protocols mpls]


lab@R5# set admin-groups bronze 4

[edit protocols mpls]


lab@R5# set interface ge-0/0/1 admin-group plat

[edit protocols mpls]


lab@R5# set interface ge-0/0/2 admin-group gold

[edit protocols mpls]


lab@R5# show
admin-groups {
plat 1;

Lab 10–22 • MPLS Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
gold 2;
silver 3;
bronze 4;
}
label-switched-path r5-to-r1 {
to 172.27.255.1;
ldp-tunneling;
}
label-switched-path r5-to-r3 {
to 172.27.255.3;
}
label-switched-path r5-to-r4 {
to 172.27.255.4;
ldp-tunneling;
}
interface all;
interface ge-0/0/1.0 {
admin-group plat;
}
interface ge-0/0/2.0 {
admin-group gold;
}

[edit protocols mpls]


lab@R5# commit and-quit

commit complete
Exiting configuration mode

lab@R5>
TASK VERIFICATION
Begin your verification by ensuring that all MPLS interfaces have the correct administrative
groups applied. While on R3, you should also verify that the constraints that you applied to the
r3-to-r4 LSP have taken effect. You can do this by reviewing the extensive information for the
particular LSP. You may need to wait for the LSP to resignal or you can manually clear this LSP.
• R1:
lab@R1> show mpls interface
Interface State Administrative groups
ge-0/0/3.0 Up <none>
ge-0/0/6.0 Up gold
ae0.0 Up plat

• R3:
lab@R3> show mpls interface
Interface State Administrative groups
ge-0/0/1.0 Up gold
ge-0/0/2.0 Up bronze
ge-0/0/3.0 Up plat

lab@R3> show mpls lsp name r3-to-r4 extensive


Ingress LSP: 3 sessions

www.juniper.net MPLS Implementation and Troubleshooting • Lab 10–23


JNCIE Service Provider Bootcamp

172.27.255.4
From: 172.27.255.3, State: Up, ActiveRoute: 0, LSPname: r3-to-r4
ActivePath: (primary)
LSPtype: Static Configured, Penultimate hop popping
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
*Primary State: Up
Priorities: 7 0
SmartOptimizeTimer: 180
Exclude: bronze
Computed ERO (S [L] denotes strict [loose] hops): (CSPF metric: 15)
172.27.0.14 S 172.27.0.9 S
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt
20=Node-ID):
172.27.0.14 172.27.0.9
18 Jan 29 14:48:18.923 Selected as active path
17 Jan 29 14:48:18.904 Record Route: 172.27.0.14 172.27.0.9
16 Jan 29 14:48:18.904 Up
15 Jan 29 14:48:18.798 Originate Call
14 Jan 29 14:48:18.798 CSPF: computation result accepted 172.27.0.14 172.27.0.9
13 Jan 29 14:48:18.797 Clear Call
12 Jan 29 14:48:18.797 Deselected as active
11 Jan 29 14:43:56.589 Record Route: 172.27.0.18
10 Jan 29 14:43:56.589 Up
9 Jan 29 14:43:56.545 Originate Call
8 Jan 29 14:43:56.545 CSPF: computation result accepted 172.27.0.18
7 Jan 29 14:43:56.542 Clear Call
6 Jan 29 11:44:36.108 Selected as active path
5 Jan 29 11:44:36.088 Record Route: 172.27.0.18
4 Jan 29 11:44:36.088 Up
3 Jan 29 11:44:36.027 Originate Call
2 Jan 29 11:44:36.027 CSPF: computation result accepted 172.27.0.18
1 Jan 29 11:44:06.390 CSPF failed: no route toward 172.27.255.4[3 times]
Created: Thu Jan 29 11:32:20 2015
Total 1 displayed, Up 1, Down 0

Egress LSP: 3 sessions


Total 0 displayed, Up 0, Down 0

Transit LSP: 1 sessions


Total 0 displayed, Up 0, Down 0

Question: What path does your r3-to-r4 LSP follow?

Answer: The LSP should now use an alternative path to R4. This
LSP should avoid the more preferred, direct link between R3
and R4.

Lab 10–24 • MPLS Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
• R4:
lab@R4> show mpls interface
Interface State Administrative groups
ge-0/0/1.0 Up <none>
ge-0/0/4.0 Up gold
ge-0/0/5.0 Up bronze
ae0.0 Up plat

• R5:
lab@R5> show mpls interface
Interface State Administrative groups
ge-0/0/1.0 Up plat
ge-0/0/2.0 Up gold

TASK 5
Configure the r5-to-r1 LSP to reserve 450 Mbps of bandwidth across
the network.
TASK INTERPRETATION
This task indicates that you must assign a bandwidth reservation to the LSP that you created
from r5-to-r1.
TASK COMPLETION
• R5:
lab@R5> configure
Entering configuration mode

[edit]
lab@R5# edit protocols mpls

[edit protocols mpls]


lab@R5# set label-switched-path r5-to-r1 bandwidth 450m

[edit protocols mpls]


lab@R5# commit and-quit

commit complete
Exiting configuration mode

lab@R5>
TASK VERIFICATION
On R5, verify that the r5-to-r1 LSP is requesting the bandwidth and the LSP has been
signaled. You can also see the reservation by looking at the RSVP interfaces.
• R5:
lab@R5> show mpls lsp name r5-to-r1 extensive
Ingress LSP: 3 sessions

www.juniper.net MPLS Implementation and Troubleshooting • Lab 10–25


JNCIE Service Provider Bootcamp
172.27.255.1
From: 172.27.255.5, State: Up, ActiveRoute: 10, LSPname: r5-to-r1
ActivePath: (primary)
Link protection desired
LSPtype: Static Configured
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
*Primary State: Up,
Priorities: 7 0
Bandwidth: 450Mbps
SmartOptimizeTimer: 180
Computed ERO (S [L] denotes strict [loose] hops): (CSPF metric: 15)
172.27.0.21 S 172.27.0.10 S
...

lab@R5> show rsvp interface


RSVP interface: 6 active
Active Subscr- Static Available Reserved Highwater
Interface State resv iption BW BW BW mark
ge-0/0/0.0 Up 0 100% 1000Mbps 1000Mbps 0bps 0bps
ge-0/0/1.0 Up 1 100% 1000Mbps 1000Mbps 0bps 0bps
ge-0/0/2.0 Up 2 100% 1000Mbps 550Mbps 450Mbps 450Mbps
ge-0/0/3.0 Up 0 100% 1000Mbps 1000Mbps 0bps 0bps
ge-0/0/4.0 Up 0 100% 1000Mbps 1000Mbps 0bps 0bps
ge-0/0/6.0 Up 0 100% 1000Mbps 1000Mbps 0bps 0bps

lab@R5> show rsvp interface ge-0/0/2.0 extensive


ge-0/0/2.0 Index 71, State Ena/Up
NoAuthentication, NoAggregate, NoReliable, NoLinkProtection
HelloInterval 9(second)
Address 172.27.0.22
ActiveResv 2, PreemptionCnt 0, Update threshold 10%
Subscription 100%,
bc0 = ct0, StaticBW 1000Mbps
ct0: StaticBW 1000Mbps, AvailableBW 550Mbps
MaxAvailableBW 1000Mbps = (bc0*subscription)
ReservedBW [0] 450Mbps[1] 0bps[2] 0bps[3] 0bps[4] 0bps[5] 0bps[6] 0bps[7] 0bps
Protection: Off

Question: Do you see the correct bandwidth reservation?

Answer: Yes, you should see that the LSP is reserving 450 Mbps
of bandwidth.

TASK 6
Create a bypass to improve convergence time for the r5-to-r1 LSP in
the event of a R4-R1 link failure. Ensure bandwidth reservation is
honored and the best available path is chosen.

Lab 10–26 • MPLS Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
TASK INTERPRETATION
This task indicates that you need to configure some type of traffic protection. Based on the
constraints placed on the task we can eliminate Fast Reroute as an option because we need to
maintain the bandwidth reservation that we configured in the previous task. If you read the task
carefully you will notice that you are protecting the LSP from a particular link failure, so the
protection mechanism that you are using is link-protection.
Begin by setting the RSVP interface on which you are going to enable link protection. You must
also configure the interface to reserve the 450 Mbps on the bypass LSP. Next, you must enable
link-protection on the ingress router for the r5-to-r1 LSP. This will allow the bypass to be
signaled.
TASK COMPLETION
• R4:
lab@R4> configure
Entering configuration mode

[edit]
lab@R4# set protocols rsvp interface ae0.0 link-protection bandwidth 450m

[edit]
lab@R4# commit and-quit

commit complete
Exiting configuration mode

lab@R4>
• R5:
lab@R5> configure
Entering configuration mode

[edit]
lab@R5# set protocols mpls label-switched-path r5-to-r1 link-protection

[edit]
lab@R5# commit and-quit

commit complete
Exiting configuration mode

lab@R5>
TASK VERIFICATION
Begin your verification by looking at the LSP from the perspective of the ingress router (R5).
After determining that link-protection is being requested for the LSP, move to R4 and verify that
the RSVP interface you configured is creating a bypass LSP.
• R5:
lab@R5> show mpls lsp name r5-to-r1 detail
Ingress LSP: 3 sessions

172.27.255.1

www.juniper.net MPLS Implementation and Troubleshooting • Lab 10–27


JNCIE Service Provider Bootcamp
From: 172.27.255.5, State: Up, ActiveRoute: 10, LSPname: r5-to-r1
ActivePath: (primary)
Link protection desired
LSPtype: Static Configured
LoadBalance: Random
Encoding type: Packet, Switching type: Packet, GPID: IPv4
*Primary State: Up
Priorities: 7 0
Bandwidth: 450Mbps
SmartOptimizeTimer: 180
Computed ERO (S [L] denotes strict [loose] hops): (CSPF metric: 2)
172.27.0.21 S 172.27.0.10 S
Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt
20=Node-ID):
172.27.255.4(flag=0x21) 172.27.0.21(flag=1 Label=300080)
172.27.255.1(flag=0x20) 172.27.0.10(Label=3)
Total 1 displayed, Up 1, Down 0

Egress LSP: 4 sessions


Total 0 displayed, Up 0, Down 0

Transit LSP: 2 sessions


Total 0 displayed, Up 0, Down 0

Question: Is link protection being requested by the ingress


router?

Answer: Yes, you should see in the above output that


link-protection is desired for this LSP.

• R4:
lab@R4> show rsvp interface ae0.0 extensive
ae0.0 Index 70, State Ena/Up
NoAuthentication, NoAggregate, NoReliable, LinkProtection
HelloInterval 9(second)
Address 172.27.0.9
ActiveResv 2, PreemptionCnt 0, Update threshold 10%
Subscription 100%,
bc0 = ct0, StaticBW 2Gbps
ct0: StaticBW 2Gbps, AvailableBW 1.55Gbps
MaxAvailableBW 2Gbps = (bc0*subscription)
ReservedBW [0] 450Mbps[1] 0bps[2] 0bps[3] 0bps[4] 0bps[5] 0bps[6] 0bps[7] 0bps
Protection: On, Bypass: 1, LSP: 1, Protected LSP: 1, Unprotected LSP: 0
1 Jan 29 14:52:38 New bypass Bypass->172.27.0.10
Bypass: Bypass->172.27.0.10, State: Up, Type: LP, LSP: 1, Backup: 0
3 Jan 29 14:52:39 Record Route: 172.27.0.17 172.27.0.14
2 Jan 29 14:52:39 Up
1 Jan 29 14:52:39 CSPF: computation result accepted

lab@R4> show mpls lsp bypass extensive


Ingress LSP: 1 sessions

Lab 10–28 • MPLS Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp

172.27.255.1
From: 172.27.255.4, LSPstate: Up, ActiveRoute: 0
LSPname: Bypass->172.27.0.10
LSPtype: Static Configured
Suggested label received: -, Suggested label sent: -
Recovery label received: -, Recovery label sent: 299792
Resv style: 1 SE, Label in: -, Label out: 299792
Time left: -, Since: Thu Jan 29 14:52:39 2015
Tspec: rate 450Mbps size 450Mbps peak Infbps m 20 M 1500
Port number: sender 1 receiver 40735 protocol 0
Type: Bypass LSP
Number of data route tunnel through: 1
Number of RSVP session tunnel through: 0
PATH rcvfrom: localclient
Adspec: sent MTU 1500
Path MTU: received 1500
PATH sentto: 172.27.0.17 (ge-0/0/5.0) 4 pkts
RESV rcvfrom: 172.27.0.17 (ge-0/0/5.0) 4 pkts
Explct route: 172.27.0.17 172.27.0.14
Record route: <self> 172.27.0.17 172.27.0.14
Total 1 displayed, Up 1, Down 0

Egress LSP: 0 sessions


Total 0 displayed, Up 0, Down 0

Transit LSP: 0 sessions


Total 0 displayed, Up 0, Down 0

Question: Do you see a bypass LSP?

Answer: Yes, you should see a bypass LSP being signaled.

Question: Which path is the bypass taking?

Answer: You can determine this by looking at the record route


values associated with the bypass LSP, which indicate that the
bypass is going through R3 then to R1.

lab@R4> show rsvp interface


RSVP interface: 3 active
Active Subscr- Static Available Reserved Highwater
Interface State resv iption BW BW BW mark
ae0.0 Up 2 100% 2Gbps 1.55Gbps 450Mbps 450Mbps
ge-0/0/4.0 Up 3 100% 1000Mbps 1000Mbps 0bps 0bps
ge-0/0/5.0 Up 2 100% 1000Mbps 550Mbps 450Mbps 450Mbps

www.juniper.net MPLS Implementation and Troubleshooting • Lab 10–29


JNCIE Service Provider Bootcamp
Question: Do you see the correct bandwidth reservations on
both RSVP interfaces?

Answer: Yes, you should see 450 Mbps for two interfaces now.
The second interface indicates that the bypass LSP is also
reserving bandwidth as the task required.

TASK 7
Ensure that all MPLS packets that transit the R1-R4 link are load
balanced across both member links of the Aggregated Ethernet bundle.
The contents of the outer label as well as the IP packet should be
used by the load balancing algorithm.
TASK INTERPRETATION
This task indicates that you must alter the hash key being used by the forwarding table when
deciding what interface next-hop to use for MPLS traffic traversing the aggregated Ethernet
interface.
Based on the requirements, you must use the first label as well as the IP payload when
calculating the physical interface to send the MPLS traffic out. You must make this configuration
change on both R1 and R4 to meet the requirements of the task.
TASK COMPLETION
• R1:
lab@R1> configure
Entering configuration mode

[edit]
lab@R1# set forwarding-options hash-key family mpls label-1 payload ip

[edit]
lab@R1# commit and-quit

commit complete
Exiting configuration mode

lab@R1>

• R4:
lab@R4> configure
Entering configuration mode

[edit]
lab@R4# set forwarding-options hash-key family mpls label-1 payload ip

[edit]
lab@R4# commit and-quit

Lab 10–30 • MPLS Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
commit complete
Exiting configuration mode

lab@R4>
TASK VERIFICATION
Because no transit traffic is traversing your core network, you need no verification steps for this
particular task. If you configured the hash algorithm as illustrated in the detailed steps, then
everything should be working correctly.
TASK 8
Ensure that the entire core network appears as two hops for any
transit traffic.
TASK INTERPRETATION
This task indicates that you must alter the default TTL behavior. Even though all devices in your
MPLS network are running the Janos OS, you must use the no-propagate-ttl option. You
must use this option because LDP is not supported by the no-decrement-ttl feature. You
must configure the no-propagate-ttl option for all MPLS LSP on all routers.
TASK COMPLETION
• R1:
lab@R1> configure
Entering configuration mode

[edit]
lab@R1# set protocols mpls no-propagate-ttl

[edit]
lab@R1# commit and-quit

commit complete
Exiting configuration mode

lab@R1>
• R2:

lab@R2> configure
Entering configuration mode

[edit]
lab@R2# set protocols mpls no-propagate-ttl

[edit]
lab@R2# commit and-quit

commit complete
Exiting configuration mode

lab@R2>

www.juniper.net MPLS Implementation and Troubleshooting • Lab 10–31


JNCIE Service Provider Bootcamp
• R3:
lab@R3> configure
Entering configuration mode

[edit]
lab@R3# set protocols mpls no-propagate-ttl

[edit]
lab@R3# commit and-quit

commit complete
Exiting configuration mode

lab@R3>
• R4:

lab@R4> configure
Entering configuration mode

[edit]
lab@R4# set protocols mpls no-propagate-ttl

[edit]
lab@R4# commit and-quit

commit complete
Exiting configuration mode

lab@R4>
• R5:
lab@R5> configure
Entering configuration mode

[edit]
lab@R5# set protocols mpls no-propagate-ttl

[edit]
lab@R5# commit and-quit

commit complete
Exiting configuration mode

lab@R5>

Lab 10–32 • MPLS Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp

Note
For verification, you can traceroute through
your MPLS core using the vr-device router.
Each virtual routing instance acting as a
external provider has a loopback address
assigned to it. You can use these
addresses to verify TTL behavior. Before
verifying, you must resignal all the LSPs for
this change to take effect.

TASK VERIFICATION
Verify that the changes you made have taken effect using traceroute.
Clear your MPLS LSPs on all routers using the clear mpls lsp command. This will allow the
TTL changes to be altered in the sessions.
Move to the VR-device.
Move to your open session on the VR-device and verify your changes by tracerouting from one of
the virtual routers through your core network to another virtual router. For simplicity, use the
traceroute 174.100.0.1 source 177.100.0.1 routing-instance
customer2 command on the VR-device. This will traceroute through the core using the
r5-to-r1 LSP.
lab@vr-device> traceroute 174.100.0.1 source 177.100.0.1 routing-instance
customer2
traceroute to 174.100.0.1 (174.100.0.1) from 177.100.0.1, 30 hops max, 40 byte
packets
1 172.27.0.49 (172.27.0.49) 7.073 ms 7.696 ms 5.292 ms
2 172.27.0.10 (172.27.0.10) 8.747 ms 7.251 ms 7.771 ms
3 174.100.0.1 (174.100.0.1) 6.737 ms 9.255 ms 9.958 ms

Question: How many hops do you see when traversing your core
network?

Answer: You should see only two hops, the ingress and the
egress routers for your LSP.

STOP Tell your instructor that you have completed this lab.

www.juniper.net MPLS Implementation and Troubleshooting • Lab 10–33


JNCIE Service Provider Bootcamp

Lab 10–34 • MPLS Implementation and Troubleshooting www.juniper.net


Lab
MPLS VPNs Implementation and Troubleshooting

Overview
In this lab, you will be given a list of tasks specific to implementing and troubleshooting MPLS
VPNs which you will need to accomplish within a specific time frame. You will have 3 hours to
complete the simulation.
By completing this lab, you will perform the following tasks:
• Create a Layer 3 VPN named vpn-1, connecting the following sites: CE-1, CE-2, CE-3,
and CE-4. The CE-3 and CE-4 sites peer using BGP. The CE-1 and CE-2 are using
OSPF Area 0. Ensure all the CE routers can ping the remote directly connected PE-CE
links.
• The CE-1 and CE-2 routers share a backdoor OSPF connection. Ensure that CE-1 and
CE-2 prefer to send traffic through the Layer 3 VPN. The internal connection between
CE-1 and CE-2 has an interface metric of 10.
• You are required to provide Internet access for vpn-1 on the R1 PE router. You are
allowed to use one static route to complete this task.
• On R1, ensure that vpn-1 traffic destined to CE-1 uses the r1-to-r5-one LSP
and traffic destined to CE-3 uses the r1-to-r5-two LSP.
• Configure a VPLS Layer 2 VPN named vpn-2 between CE-5 and CE-6 using VLAN
200. Make sure the VPN uses the VPN RFC 4448 encapsulation and uses BGP as
the VPN signaling protocol. The maximum number of MAC addresses learned by the
VPLS domain should be limited to 500 on each PE-CE link. Ensure that broadcast
and multicast traffic will be policed to 50 Mbps for all sites before entering the MPLS
domain.
• You must extend vpn-3 connecting CE-7 to CE-8 using an inter-provider solution with
ISP-A. You must not configure a routing instance on R3. The address of the remote PE
will be learned from ISP-A.The remote PE is using the route target value of
target:60001:101. Use the information in the lab diagram for this lab to complete
this task.

www.juniper.net MPLS VPNs Implementation and Troubleshooting • Lab 11–1


JNCIE Service Provider Bootcamp

Configuring Layer 3 VPNs


In this lab part, you will log in to your assigned routers and configure a Layer 3 VPN. Refer to
network diagram for this lab for topological and configuration details. You will be required to
configure additional features and functionality to your VPN as defined in the tasks for this lab.

Note
We recommend that you spend some time
investigating the current operation of your
routers. During the real exam, you might be
given routers that are operating
inefficiently. Investigating operating issues
now might save you a lot of time
troubleshooting strange issues later.

INITIAL TASK
Access the CLI for your routers using either the console, Telnet, or SSH as directed by your
instructor. Refer to the management network diagram for the IP address associated with your
devices. Log in as user lab with the password lab123.
TASK COMPLETION
• R1:
R1 (ttyd0)

login: lab
Password:

--- JUNOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC


lab@R1>
• R2:
R2 (ttyd0)

login: lab
Password:

--- JUNOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC


lab@R2>
• R3:
R3 (ttyd0)

login: lab
Password:

--- JUNOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC


lab@R3>

Lab 11–2 • MPLS VPNs Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
• R4:
R4 (ttyd0)

login: lab
Password:

--- JUNOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC


lab@R4>
• R5:
R5 (ttyd0)

login: lab
Password:

--- JUNOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC


lab@R5>
• VR-device:
vr-device (ttyd0)

login: lab
Password:

--- JUNOS 12.3I20130406_1317_anjali (kernel) #1: 2013-04-06 13:40:14 UTC


lab@vr-device>

TASK 1
Create a Layer 3 VPN called vpn-1, connecting the following sites:
CE-1, CE-2, CE-3, and CE-4. The CE-3 and CE-4 sites peer using BGP.
The CE-1 and CE-2 are using OSPF area 0. Ensure all the CE routers
can ping the remote directly connected PE-CE links.
TASK INTERPRETATION
To complete this task, you must configure a VPN routing instance on routers R1, R5, and R4 to
connect the specified CE devices. Begin by configuring the routing instance on R5 because two
peerings exist. Include the appropriate interfaces for the VPN instance. Define a Type 1 route
distinguisher using the local loopback address, to uniquely identify the source of the route
advertisements. Define the VPN route target as target:65100:100. This target is used to
identify which MP-BGP routes to accept. Configure an external BGP peering to CE-3 from your
routing instance, using the information outlined on the lab diagram. Note, that because both
sites are peering using the same AS, you must configure the BGP groups with as-override.
Using this option allows the PE to advertise the remote routes into the site. Configure an OSPF
peering to the CE-1 router from your routing instance.
You must create a routing policy to export your BGP routes into OSPF on R4 and R5, so that the
routes learned from your MP-BGP and EBGP peers can be shared with the OSPF CE routers. On
R5, you must include the direct route for the interface connecting to CE-3 to ensure that this
route is sent from both R4 and R5 into the OSPF network.
Next, create a routing policy to export the OSPF routes on R5 to CE-3 through BGP. Remember to
include the directly connected network for the OSPF connection to CE-1.

www.juniper.net MPLS VPNs Implementation and Troubleshooting • Lab 11–3


JNCIE Service Provider Bootcamp
You must enable the support for the VPN NLRI on your internal BGP peering by configuring the
family inet-vpn unicast statement. Make sure you also continue to receive standard
BGP routes by configuring the family inet unicast statement.
To accomplish the final piece of this task, you must make sure that you are advertising the
directly connected networks to your VPN peers. This is handled by default when using the
vrf-target option. If you use a vrf-export and vrf-import policy you must make sure
you include the direct routes.
Make the appropriate configurations one R1 and R4 to establish VPN connectivity to their CE
devices. Use the same method for creating your route distinguisher and ensure that the route
target matches for each instance in the vpn-1 VPN.
TASK COMPLETION
• R5:
lab@R5> configure
Entering configuration mode

[edit]
lab@R5# set protocols bgp group internal family inet unicast

[edit]
lab@R5# set protocols bgp group internal family inet-vpn unicast

[edit]
lab@R5# edit routing-instances vpn-1

[edit routing-instances vpn-1]


lab@R5# set instance-type vrf

[edit routing-instances vpn-1]


lab@R5# set interface ge-0/0/3

[edit routing-instances vpn-1]


lab@R5# set interface ge-0/0/4

[edit routing-instances vpn-1]


lab@R5# set route-distinguisher 172.27.255.5:1

[edit routing-instances vpn-1]


lab@R5# set vrf-target target:65100:100

[edit routing-instances vpn-1]


lab@R5# show
instance-type vrf;
interface ge-0/0/3.0;
interface ge-0/0/4.0;
route-distinguisher 172.27.255.5:1;
vrf-target target:65100:100;

[edit routing-instances vpn-1]


lab@R5# set protocols bgp group to-ce3 type external

Lab 11–4 • MPLS VPNs Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
[edit routing-instances vpn-1]
lab@R5# set protocols bgp group to-ce3 neighbor 172.27.0.50 peer-as 65100

[edit routing-instances vpn-1]


lab@R5# set protocols bgp group to-ce3 as-override

[edit routing-instances vpn-1]


lab@R5# set protocols ospf area 0 interface ge-0/0/3

[edit routing-instances vpn-1]


lab@R5# top

[edit]
lab@R5# edit policy-options policy-statement bgp-to-ospf

[edit policy-options policy-statement bgp-to-ospf]


lab@R5# set term 1 from protocol bgp

[edit policy-options policy-statement bgp-to-ospf]


lab@R5# set term 1 then accept

[edit policy-options policy-statement bgp-to-ospf]


lab@R5# set term 2 from protocol direct

[edit policy-options policy-statement bgp-to-ospf]


lab@R5# set term 2 from route-filter 172.27.0.48/30 exact

[edit policy-options policy-statement bgp-to-ospf]


lab@R5# set term 2 then accept

[edit policy-options policy-statement bgp-to-ospf]


lab@R5# up

[edit policy-options]
lab@R5# edit policy-statement ospf-to-bgp

[edit policy-options policy-statement ospf-to-bgp]


lab@R5# set term 1 from protocol ospf

[edit policy-options policy-statement ospf-to-bgp]


lab@R5# set term 1 then accept

[edit policy-options policy-statement ospf-to-bgp]


lab@R5# set term 2 from protocol direct

[edit policy-options policy-statement ospf-to-bgp]


lab@R5# set term 2 from route-filter 172.27.0.44/30 exact

[edit policy-options policy-statement ospf-to-bgp]


lab@R5# set term 2 then accept

[edit policy-options policy-statement bgp-to-ospf]


lab@R5# top

www.juniper.net MPLS VPNs Implementation and Troubleshooting • Lab 11–5


JNCIE Service Provider Bootcamp
[edit]
lab@R5# edit routing-instances vpn-1

[edit routing-instances vpn-1]


lab@R5# set protocols ospf export bgp-to-ospf

[edit routing-instances vpn-1]


lab@R5# set protocols bgp group to-ce3 export ospf-to-bgp

[edit routing-instances vpn-1]


lab@R5# commit and-quit

commit complete
Exiting configuration mode

lab@R5>
• R4:
lab@R4> configure
Entering configuration mode

[edit]
lab@R4# set protocols bgp group internal family inet unicast

[edit]
lab@R4# set protocols bgp group internal family inet-vpn unicast

[edit]
lab@R4# edit routing-instances vpn-1

[edit routing-instances vpn-1]


lab@R4# set instance-type vrf

[edit routing-instances vpn-1]


lab@R4# set interface ge-0/0/3

[edit routing-instances vpn-1]


lab@R4# set route-distinguisher 172.27.255.4:1

[edit routing-instances vpn-1]


lab@R4# set vrf-target target:65100:100

[edit routing-instances vpn-1]


lab@R4# set protocols ospf area 0 interface ge-0/0/3

[edit routing-instances vpn-1]


lab@R4# top

[edit]
lab@R4# edit policy-options policy-statement bgp-to-ospf

[edit policy-options policy-statement bgp-to-ospf]


lab@R4# set term 1 from protocol bgp

Lab 11–6 • MPLS VPNs Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
[edit policy-options policy-statement bgp-to-ospf]
lab@R4# set term 1 then accept

[edit policy-options policy-statement bgp-to-ospf]


lab@R4# top

[edit]
lab@R4# edit routing-instances vpn-1

[edit routing-instances vpn-1]


lab@R4# set protocols ospf export bgp-to-ospf

[edit routing-instances vpn-1]


lab@R4# commit and-quit

commit complete
Exiting configuration mode

lab@R4>
• R1:
lab@R1> configure
Entering configuration mode

[edit]
lab@R1# set protocols bgp group internal family inet unicast

[edit]
lab@R1# set protocols bgp group internal family inet-vpn unicast

[edit]
lab@R1# edit routing-instances vpn-1

[edit routing-instances vpn-1]


lab@R1# set instance-type vrf

[edit routing-instances vpn-1]


lab@R1# set interface ge-0/0/2

[edit routing-instances vpn-1]


lab@R1# set route-distinguisher 172.27.255.1:1

[edit routing-instances vpn-1]


lab@R1# set vrf-target target:65100:100

[edit routing-instances vpn-1]


lab@R1# set protocols bgp group to-ce4 type external

[edit routing-instances vpn-1]


lab@R1# set protocols bgp group to-ce4 neighbor 172.27.0.34 peer-as 65100

[edit routing-instances vpn-1]


lab@R1# set protocols bgp group to-ce4 as-override

www.juniper.net MPLS VPNs Implementation and Troubleshooting • Lab 11–7


JNCIE Service Provider Bootcamp
[edit routing-instances vpn-1]
lab@R1# commit and-quit

commit complete
Exiting configuration mode

lab@R1>
TASK VERIFICATION
Begin your verification by reviewing the status of your PE to CE neighborships. To simplify the
outputs, you should include the instance option with the show command and specify the VPN
name. Review the vpn-1.inet.0 routing table to verify that you have the remote networks for
the directly connected interface. You can include the terse option to quickly see what networks
are there without all the extra detailed information.
You should also log into the VR-device and verify the routing tables for each of the CE devices.
Finally, verify that you can ping from the local CE interface to the remote CE interfaces for all of
your CE routers.
You do not need to verify every detail from each device because if it is working on one or two
routers, it should be working on all.
You might want to review the contents of the bgp.l3vpn.0 routing table to see which routes
are being learned from which PE router by using the route distinguisher that is prepended to the
prefix.

Note
During the verification phase of the first
task, you must determine which routes are
being sent from which CE device. You can
determine this by systematically reviewing
the VRF tables and isolating the routes. To
save you some time during this step, the CE
devices in your Layer 3 VPN are listed below
with the routes they should be sending:
CE-1 = 65.100.0.0/24 to 65.100.4.0/24
CE-2 = 65.100.5.0/24 to 65.100.9.0/24
CE-3 = 65.100.10.0/24 to 65.100.14.0/24
CE-4 = 65.100.15.0/24 to 65.100.19.0/24

• R5:
lab@R5> show bgp summary instance vpn-1
Groups: 1 Peers: 1 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
vpn-1.inet.0
29 13 0 0 0 0
vpn-1.mdt.0
0 0 0 0 0 0

Lab 11–8 • MPLS VPNs Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.0.50 65100 13 34 0 0 4:11 Establ
vpn-1.inet.0: 6/7/7/0

lab@R5> show ospf neighbor instance vpn-1


Address Interface State ID Pri Dead
172.27.0.46 ge-0/0/3.0 Full 65.100.255.1 128 37

lab@R5> show route table vpn-1.inet.0 terse

vpn-1.inet.0: 31 destinations, 53 routes (31 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

A V Destination P Prf Metric 1 Metric 2 Next hop AS path


* ? 65.100.0.0/30 O 10 11 >172.27.0.46
? B 170 100 11 I
unverified >172.27.0.26
* ? 65.100.1.0/24 O 150 0 >172.27.0.46
? B 170 100 0 I
unverified >172.27.0.26
* ? 65.100.2.0/24 O 150 0 >172.27.0.46
? B 170 100 0 I
unverified >172.27.0.26
* ? 65.100.3.0/24 O 150 0 >172.27.0.46
? B 170 100 0 I
unverified >172.27.0.26
* ? 65.100.4.0/24 O 150 0 >172.27.0.46
? B 170 100 0 I
unverified >172.27.0.26
* ? 65.100.5.0/24 O 150 0 >172.27.0.46
? B 170 100 0 I
unverified >172.27.0.26
* ? 65.100.6.0/24 O 150 0 >172.27.0.46
? B 170 100 0 I
unverified >172.27.0.26
* ? 65.100.7.0/24 O 150 0 >172.27.0.46
? B 170 100 0 I
unverified >172.27.0.26
* ? 65.100.8.0/24 O 150 0 >172.27.0.46
? B 170 100 0 I
unverified >172.27.0.26
* ? 65.100.9.0/24 O 150 0 >172.27.0.46
? B 170 100 0 I
unverified >172.27.0.26
* ? 65.100.10.0/24 B 170 100 0 I
unverified >172.27.0.26
? B 170 100 65100 I
unverified >172.27.0.50
* ? 65.100.11.0/24 B 170 100 0 I
unverified >172.27.0.26
? B 170 100 65100 I
unverified >172.27.0.50
* ? 65.100.12.0/24 B 170 100 0 I

www.juniper.net MPLS VPNs Implementation and Troubleshooting • Lab 11–9


JNCIE Service Provider Bootcamp
unverified >172.27.0.26
? B 170 100 65100 I
unverified >172.27.0.50
* ? 65.100.13.0/24 B 170 100 0 I
unverified >172.27.0.26
? B 170 100 65100 I
unverified >172.27.0.50
* ? 65.100.14.0/24 B 170 100 0 I
unverified >172.27.0.26
? B 170 100 65100 I
unverified >172.27.0.50
* ? 65.100.15.0/24 B 170 100 65100 I
unverified >172.27.0.26
* ? 65.100.16.0/24 B 170 100 65100 I
unverified >172.27.0.26
* ? 65.100.17.0/24 B 170 100 65100 I
unverified >172.27.0.26
* ? 65.100.18.0/24 B 170 100 65100 I
unverified >172.27.0.26
* ? 65.100.19.0/24 B 170 100 65100 I
unverified >172.27.0.26
* ? 65.100.255.1/32 O 10 1 >172.27.0.46
? B 170 100 11 I
unverified >172.27.0.26
* ? 65.100.255.2/32 O 10 11 >172.27.0.46
? B 170 100 1 I
unverified >172.27.0.26
* ? 65.100.255.3/32 B 170 100 0 I
unverified >172.27.0.26
? B 170 100 65100 I
unverified >172.27.0.50
* ? 65.100.255.4/32 B 170 100 65100 I
unverified >172.27.0.26
* ? 172.27.0.32/30 B 170 100 I
unverified >172.27.0.26
* ? 172.27.0.40/30 O 10 12 >172.27.0.46
? B 170 100 I
unverified >172.27.0.26
* ? 172.27.0.44/30 D 0 >ge-0/0/3.0
? B 170 100 12 I
unverified >172.27.0.26
* ? 172.27.0.45/32 L 0 Local
* ? 172.27.0.48/30 D 0 >ge-0/0/4.0
? B 170 100 0 I
unverified >172.27.0.26
? B 170 100 65100 I
unverified >172.27.0.50
* ? 172.27.0.49/32 L 0 Local
* ? 224.0.0.5/32 O 10 1 MultiRecv

• R1:
lab@R1> show bgp summary instance vpn-1
Groups: 1 Peers: 1 Down peers: 0

Lab 11–10 • MPLS VPNs Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
Table Tot Paths Act Paths Suppressed History Damp State Pending
vpn-1.inet.0
43 27 0 0 0 0
vpn-1.mdt.0
0 0 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.0.34 65100 7 43 0 0 1:57 Establ
vpn-1.inet.0: 6/7/7/0

lab@R1> show route table vpn-1.inet.0 terse

vpn-1.inet.0: 29 destinations, 45 routes (29 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

A V Destination P Prf Metric 1 Metric 2 Next hop AS path


* ? 65.100.0.0/30 B 170 100 11 I
unverified >172.27.0.9
? B 170 100 11 I
unverified >172.27.0.9
172.27.0.13
* ? 65.100.1.0/24 B 170 100 0 I
unverified >172.27.0.9
? B 170 100 0 I
unverified >172.27.0.9
172.27.0.13
* ? 65.100.2.0/24 B 170 100 0 I
unverified >172.27.0.9
? B 170 100 0 I
unverified >172.27.0.9
172.27.0.13
* ? 65.100.3.0/24 B 170 100 0 I
unverified >172.27.0.9
? B 170 100 0 I
unverified >172.27.0.9
172.27.0.13
* ? 65.100.4.0/24 B 170 100 0 I
unverified >172.27.0.9
? B 170 100 0 I
unverified >172.27.0.9
172.27.0.13
* ? 65.100.5.0/24 B 170 100 0 I
unverified >172.27.0.9
? B 170 100 0 I
unverified >172.27.0.9
172.27.0.13
* ? 65.100.6.0/24 B 170 100 0 I
unverified >172.27.0.9
? B 170 100 0 I
unverified >172.27.0.9
172.27.0.13
* ? 65.100.7.0/24 B 170 100 0 I
unverified >172.27.0.9
? B 170 100 0 I

www.juniper.net MPLS VPNs Implementation and Troubleshooting • Lab 11–11


JNCIE Service Provider Bootcamp
unverified >172.27.0.9
172.27.0.13
* ? 65.100.8.0/24 B 170 100 0 I
unverified >172.27.0.9
? B 170 100 0 I
unverified 172.27.0.9
>172.27.0.13
* ? 65.100.9.0/24 B 170 100 0 I
unverified >172.27.0.9
? B 170 100 0 I
unverified 172.27.0.9
>172.27.0.13
* ? 65.100.10.0/24 B 170 100 65100 I
unverified 172.27.0.9
>172.27.0.13
* ? 65.100.11.0/24 B 170 100 65100 I
unverified 172.27.0.9
>172.27.0.13
* ? 65.100.12.0/24 B 170 100 65100 I
unverified 172.27.0.9
>172.27.0.13
* ? 65.100.13.0/24 B 170 100 65100 I
unverified 172.27.0.9
>172.27.0.13
* ? 65.100.14.0/24 B 170 100 65100 I
unverified 172.27.0.9
>172.27.0.13
* ? 65.100.15.0/24 B 170 100 65100 I
unverified >172.27.0.34
* ? 65.100.16.0/24 B 170 100 65100 I
unverified >172.27.0.34
* ? 65.100.17.0/24 B 170 100 65100 I
unverified >172.27.0.34
* ? 65.100.18.0/24 B 170 100 65100 I
unverified >172.27.0.34
* ? 65.100.19.0/24 B 170 100 65100 I
unverified >172.27.0.34
* ? 65.100.255.1/32 B 170 100 1 I
unverified 172.27.0.9
>172.27.0.13
? B 170 100 11 I
unverified >172.27.0.9
* ? 65.100.255.2/32 B 170 100 1 I
unverified >172.27.0.9
? B 170 100 11 I
unverified 172.27.0.9
>172.27.0.13
* ? 65.100.255.3/32 B 170 100 65100 I
unverified 172.27.0.9
>172.27.0.13
* ? 65.100.255.4/32 B 170 100 65100 I
unverified >172.27.0.34
* ? 172.27.0.32/30 D 0 >ge-0/0/2.0
? B 170 100 65100 I

Lab 11–12 • MPLS VPNs Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
unverified >172.27.0.34
* ? 172.27.0.33/32 L 0 Local
* ? 172.27.0.40/30 B 170 100 I
unverified >172.27.0.9
? B 170 100 12 I
unverified 172.27.0.9
>172.27.0.13
* ? 172.27.0.44/30 B 170 100 I
unverified 172.27.0.9
>172.27.0.13
? B 170 100 12 I
unverified >172.27.0.9
* ? 172.27.0.48/30 B 170 100 0 I
unverified >172.27.0.9
? B 170 100 I
unverified >172.27.0.9
172.27.0.13

• R4:
lab@R4> show ospf neighbor instance vpn-1
Address Interface State ID Pri Dead
172.27.0.42 ge-0/0/3.0 Full 65.100.255.2 128 34

lab@R4> show route table vpn-1.inet.0 terse

vpn-1.inet.0: 30 destinations, 44 routes (30 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

A V Destination P Prf Metric 1 Metric 2 Next hop AS path


* ? 65.100.0.0/30 O 10 11 >172.27.0.42
? B 170 100 11 I
unverified >172.27.0.17
* ? 65.100.1.0/24 O 150 0 >172.27.0.42
? B 170 100 0 I
unverified >172.27.0.17
* ? 65.100.2.0/24 O 150 0 >172.27.0.42
? B 170 100 0 I
unverified >172.27.0.17
* ? 65.100.3.0/24 O 150 0 >172.27.0.42
? B 170 100 0 I
unverified >172.27.0.17
* ? 65.100.4.0/24 O 150 0 >172.27.0.42
? B 170 100 0 I
unverified >172.27.0.17
* ? 65.100.5.0/24 O 150 0 >172.27.0.42
? B 170 100 0 I
unverified >172.27.0.17
* ? 65.100.6.0/24 O 150 0 >172.27.0.42
? B 170 100 0 I
unverified >172.27.0.17
* ? 65.100.7.0/24 O 150 0 >172.27.0.42
? B 170 100 0 I

www.juniper.net MPLS VPNs Implementation and Troubleshooting • Lab 11–13


JNCIE Service Provider Bootcamp
unverified >172.27.0.17
* ? 65.100.8.0/24 O 150 0 >172.27.0.42
? B 170 100 0 I
unverified >172.27.0.17
* ? 65.100.9.0/24 O 150 0 >172.27.0.42
? B 170 100 0 I
unverified >172.27.0.17
* ? 65.100.10.0/24 O 150 0 >172.27.0.42
* ? 65.100.11.0/24 O 150 0 >172.27.0.42
* ? 65.100.12.0/24 O 150 0 >172.27.0.42
* ? 65.100.13.0/24 O 150 0 >172.27.0.42
* ? 65.100.14.0/24 O 150 0 >172.27.0.42
* ? 65.100.15.0/24 B 170 100 65100 I
unverified >172.27.0.17
* ? 65.100.16.0/24 B 170 100 65100 I
unverified >172.27.0.17
* ? 65.100.17.0/24 B 170 100 65100 I
unverified >172.27.0.17
* ? 65.100.18.0/24 B 170 100 65100 I
unverified >172.27.0.17
* ? 65.100.19.0/24 B 170 100 65100 I
unverified >172.27.0.17
* ? 65.100.255.1/32 O 10 11 >172.27.0.42
? B 170 100 1 I
unverified >172.27.0.17
* ? 65.100.255.2/32 O 10 1 >172.27.0.42
? B 170 100 11 I
unverified >172.27.0.17
* ? 65.100.255.3/32 O 150 0 >172.27.0.42
* ? 65.100.255.4/32 B 170 100 65100 I
unverified >172.27.0.17
* ? 172.27.0.32/30 B 170 100 I
unverified >172.27.0.17
* ? 172.27.0.40/30 D 0 >ge-0/0/3.0
? B 170 100 12 I
unverified >172.27.0.17
* ? 172.27.0.41/32 L 0 Local
* ? 172.27.0.44/30 O 10 12 >172.27.0.42
? B 170 100 I
unverified >172.27.0.17
* ? 172.27.0.48/30 O 150 0 >172.27.0.42
* ? 224.0.0.5/32 O 10 1 MultiRecv

Now return to the session you have open to your VR-device.


Begin by looking at the routing table and verify that you have the interface routes for other
remote CE interfaces. After verifying that the routes are present, ping the remote interface.
Remember that all of the CE devices are in a virtual routing instances and you must include the
proper routing instance when using the ping utility.
• VR-device:
lab@vr-device> show route table CE-1.inet.0 terse

CE-1.inet.0: 32 destinations, 32 routes (32 active, 0 holddown, 0 hidden)

Lab 11–14 • MPLS VPNs Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
+ = Active Route, - = Last Active, * = Both

A V Destination P Prf Metric 1 Metric 2 Next hop AS path


* ? 65.100.0.0/24 S 5 Reject
* ? 65.100.0.0/30 D 0 >ge-0/0/11.0
* ? 65.100.0.1/32 L 0 Local
* ? 65.100.1.0/24 S 5 Reject
* ? 65.100.2.0/24 S 5 Reject
* ? 65.100.3.0/24 S 5 Reject
* ? 65.100.4.0/24 S 5 Reject
* ? 65.100.5.0/24 O 150 0 >65.100.0.2
* ? 65.100.6.0/24 O 150 0 >65.100.0.2
* ? 65.100.7.0/24 O 150 0 >65.100.0.2
* ? 65.100.8.0/24 O 150 0 >65.100.0.2
* ? 65.100.9.0/24 O 150 0 >65.100.0.2
* ? 65.100.10.0/24 O 150 0 >172.27.0.45
* ? 65.100.11.0/24 O 150 0 >172.27.0.45
* ? 65.100.12.0/24 O 150 0 >172.27.0.45
* ? 65.100.13.0/24 O 150 0 >172.27.0.45
* ? 65.100.14.0/24 O 150 0 >172.27.0.45
* ? 65.100.15.0/24 O 150 0 >172.27.0.45
* ? 65.100.16.0/24 O 150 0 >172.27.0.45
* ? 65.100.17.0/24 O 150 0 >172.27.0.45
* ? 65.100.18.0/24 O 150 0 >172.27.0.45
* ? 65.100.19.0/24 O 150 0 >172.27.0.45
* ? 65.100.255.1/32 D 0 >lo0.1
* ? 65.100.255.2/32 O 10 10 >65.100.0.2
* ? 65.100.255.3/32 O 150 0 >172.27.0.45
* ? 65.100.255.4/32 O 150 0 >172.27.0.45
* ? 172.27.0.32/30 O 150 0 >172.27.0.45
* ? 172.27.0.40/30 O 10 11 >65.100.0.2
* ? 172.27.0.44/30 D 0 >ge-0/0/8.0
* ? 172.27.0.46/32 L 0 Local
* ? 172.27.0.48/30 O 150 0 >172.27.0.45
* ? 224.0.0.5/32 O 10 1 MultiRecv

lab@vr-device> show route table CE-4.inet.0 terse

CE-4.inet.0: 29 destinations, 35 routes (29 active, 0 holddown, 6 hidden)


+ = Active Route, - = Last Active, * = Both

A V Destination P Prf Metric 1 Metric 2 Next hop AS path


* ? 65.100.0.0/30 B 170 100 3895077211 I
unverified >172.27.0.33
* ? 65.100.1.0/24 B 170 100 3895077211 I
unverified >172.27.0.33
* ? 65.100.2.0/24 B 170 100 3895077211 I
unverified >172.27.0.33
* ? 65.100.3.0/24 B 170 100 3895077211 I
unverified >172.27.0.33
* ? 65.100.4.0/24 B 170 100 3895077211 I
unverified >172.27.0.33
* ? 65.100.5.0/24 B 170 100 3895077211 I
unverified >172.27.0.33
* ? 65.100.6.0/24 B 170 100 3895077211 I

www.juniper.net MPLS VPNs Implementation and Troubleshooting • Lab 11–15


JNCIE Service Provider Bootcamp
unverified >172.27.0.33
* ? 65.100.7.0/24 B 170 100 3895077211 I
unverified >172.27.0.33
* ? 65.100.8.0/24 B 170 100 3895077211 I
unverified >172.27.0.33
* ? 65.100.9.0/24 B 170 100 3895077211 I
unverified >172.27.0.33
* ? 65.100.10.0/24 B 170 100 3895077211 I
unverified >172.27.0.33
* ? 65.100.11.0/24 B 170 100 3895077211 I
unverified >172.27.0.33
* ? 65.100.12.0/24 B 170 100 3895077211 I
unverified >172.27.0.33
* ? 65.100.13.0/24 B 170 100 3895077211 I
unverified >172.27.0.33
* ? 65.100.14.0/24 B 170 100 3895077211 I
unverified >172.27.0.33
* ? 65.100.15.0/24 S 5 Reject
* ? 65.100.16.0/24 S 5 Reject
* ? 65.100.17.0/24 S 5 Reject
* ? 65.100.18.0/24 S 5 Reject
* ? 65.100.19.0/24 S 5 Reject
* ? 65.100.255.1/32 B 170 100 3895077211 I
unverified >172.27.0.33
* ? 65.100.255.2/32 B 170 100 3895077211 I
unverified >172.27.0.33
* ? 65.100.255.3/32 B 170 100 3895077211 I
unverified >172.27.0.33
* ? 65.100.255.4/32 D 0 >lo0.4
* ? 172.27.0.32/30 D 0 >ge-0/0/2.0
* ? 172.27.0.34/32 L 0 Local
* ? 172.27.0.40/30 B 170 100 3895077211 I
unverified >172.27.0.33
* ? 172.27.0.44/30 B 170 100 3895077211 I
unverified >172.27.0.33
* ? 172.27.0.48/30 B 170 100 3895077211 I
unverified >172.27.0.33

lab@vr-device> ping 172.27.0.46 routing-instance CE-4 count 5


PING 172.27.0.46 (172.27.0.46): 56 data bytes
64 bytes from 172.27.0.46: icmp_seq=0 ttl=63 time=8.940 ms
64 bytes from 172.27.0.46: icmp_seq=1 ttl=63 time=9.562 ms
64 bytes from 172.27.0.46: icmp_seq=2 ttl=63 time=8.551 ms
64 bytes from 172.27.0.46: icmp_seq=3 ttl=63 time=8.553 ms
64 bytes from 172.27.0.46: icmp_seq=4 ttl=63 time=12.183 ms

--- 172.27.0.46 ping statistics ---


5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 8.551/9.558/12.183/1.364 ms

lab@vr-device> ping 172.27.0.50 routing-instance CE-4 count 5


PING 172.27.0.50 (172.27.0.50): 56 data bytes
64 bytes from 172.27.0.50: icmp_seq=0 ttl=63 time=12.842 ms
64 bytes from 172.27.0.50: icmp_seq=1 ttl=63 time=14.546 ms
64 bytes from 172.27.0.50: icmp_seq=2 ttl=63 time=14.556 ms

Lab 11–16 • MPLS VPNs Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
64 bytes from 172.27.0.50: icmp_seq=3 ttl=63 time=14.634 ms
64 bytes from 172.27.0.50: icmp_seq=4 ttl=63 time=9.637 ms

--- 172.27.0.50 ping statistics ---


5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 9.637/13.243/14.634/1.925 ms

lab@vr-device> ping 172.27.0.42 routing-instance CE-4 count 5


PING 172.27.0.42 (172.27.0.42): 56 data bytes
64 bytes from 172.27.0.42: icmp_seq=0 ttl=63 time=8.973 ms
64 bytes from 172.27.0.42: icmp_seq=1 ttl=63 time=6.548 ms
64 bytes from 172.27.0.42: icmp_seq=2 ttl=63 time=8.553 ms
64 bytes from 172.27.0.42: icmp_seq=3 ttl=63 time=6.550 ms
64 bytes from 172.27.0.42: icmp_seq=4 ttl=63 time=6.583 ms

--- 172.27.0.42 ping statistics ---


5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 6.548/7.441/8.973/1.087 ms

Question: Do your pings complete?

Answer: Yes, your pings should complete. If they do not, please


verify your routing tables have the correct routes.

TASK 2
The CE-1 and CE-2 routers share a backdoor OSPF connection. Ensure
that CE-1 and CE-2 prefer to send traffic through the Layer 3 VPN.
The internal connection between CE-1 and CE-2 has an interface
metric of 10.
TASK INTERPRETATION
To complete this task, you must ensure that the VPN connection appears as an internal route,
which allows you to alter the link metric to make the VPN more preferred than the existing
connection between CE-1 and CE-2 to allow the VPN to appear as a internal link, you must
configure a sham link between R4 and R5. As a requirement for sham links, you must include a
loopback address. Configure a secondary loopback unit using 65.100.255.14 on R4 and
65.100.255.15 on R5. Add this interface to the VPN. The loopback interface address is used as
the local and remote address for the sham link. Finally, you must add a metric to the sham link
that is lower than the existing connection between CE-1 and CE-2, which has a metric of 10.
TASK COMPLETION
• R4:
lab@R4> configure
Entering configuration mode

[edit]
lab@R4# set interfaces lo0.1 family inet address 65.100.255.14

[edit]
lab@R4# edit routing-instances vpn-1

www.juniper.net MPLS VPNs Implementation and Troubleshooting • Lab 11–17


JNCIE Service Provider Bootcamp
[edit routing-instances vpn-1]
lab@R4# set interface lo0.1

[edit routing-instances vpn-1]


lab@R4# edit protocols ospf

[edit routing-instances vpn-1 protocols ospf]


lab@R4# set sham-link local 65.100.255.14

[edit routing-instances vpn-1 protocols ospf]


lab@R4# set area 0 interface lo0.1

[edit routing-instances vpn-1 protocols ospf]


lab@R4# set area 0 sham-link-remote 65.100.255.15 metric 1

[edit routing-instances vpn-1 protocols ospf]


lab@R4# commit and-quit

commit complete
Exiting configuration mode

lab@R4>
• R5:
lab@R5> configure
Entering configuration mode

[edit]
lab@R5# set interfaces lo0.1 family inet address 65.100.255.15

[edit]
lab@R5# edit routing-instances vpn-1

[edit routing-instances vpn-1]


lab@R5# set interface lo0.1

[edit routing-instances vpn-1]


lab@R5# edit protocols ospf

[edit routing-instances vpn-1 protocols ospf]


lab@R5# set sham-link local 65.100.255.15

[edit routing-instances vpn-1 protocols ospf]


lab@R5# set area 0 interface lo0.1

[edit routing-instances vpn-1 protocols ospf]


lab@R5# set area 0 sham-link-remote 65.100.255.14 metric 1

[edit routing-instances vpn-1 protocols ospf]


lab@R5# commit and-quit

commit complete
Exiting configuration mode

lab@R5>

Lab 11–18 • MPLS VPNs Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
TASK VERIFICATION
Begin your verification by reviewing the OSPF database for CE-1. Remember this device is in a
routing instance, so you have to include the instance CE-1 with your show commands. After
verifying you have the router LSAs for R4 and R5, review your CE-1 OSPF route for the loopback
address of CE-2 (65.100.255.2). This route should point to R5 as the next hop and avoid the
original link between CE-1 and CE-2. You can include the extensive option to see the IP
address for the next hop.
• CE-1:
lab@vr-device> show ospf database instance CE-1

OSPF database, Area 0.0.0.0


Type ID Adv Rtr Seq Age Opt Cksum Len
Router *65.100.255.1 65.100.255.1 0x80000093 764 0x22 0xa7a0 60
Router 65.100.255.2 65.100.255.2 0x80000091 1262 0x22 0xb43 60
Router 65.100.255.14 65.100.255.14 0x80000006 410 0x22 0xaaf1 48
Router 65.100.255.15 65.100.255.15 0x80000004 725 0x22 0xe8ac 48
Router 172.27.0.41 172.27.0.41 0x800000c3 1962 0x22 0xc1ce 36
Router 172.27.0.45 172.27.0.45 0x800000b9 1383 0x22 0x445e 36
Network 65.100.0.2 65.100.255.2 0x8000008b 1831 0x22 0x759f 32
Network 172.27.0.41 65.100.255.14 0x80000002 1263 0x22 0x3a02 32
Network 172.27.0.45 65.100.255.15 0x80000002 765 0x22 0x82f 32
OSPF AS SCOPE link state database
Type ID Adv Rtr Seq Age Opt Cksum Len
Extern *65.100.0.0 65.100.255.1 0x8000008d 2158 0x22 0x6e6b 36
Extern *65.100.1.0 65.100.255.1 0x8000008d 1033 0x22 0x6375 36
Extern *65.100.2.0 65.100.255.1 0x8000008d 658 0x22 0x587f 36
Extern *65.100.3.0 65.100.255.1 0x8000008d 283 0x22 0x4d89 36
Extern *65.100.4.0 65.100.255.1 0x8000008c 2533 0x22 0x4492 36
Extern 65.100.5.0 65.100.255.2 0x8000008b 831 0x22 0x35a0 36
...

lab@vr-device> show route 65.100.255.2 table CE-1.inet.0 extensive

CE-1.inet.0: 34 destinations, 34 routes (34 active, 0 holddown, 0 hidden)


65.100.255.2/32 (1 entry, 1 announced)
TSI:
KRT in-kernel 65.100.255.2/32 -> {172.27.0.45}
*OSPF Preference: 10
Next hop type: Router, Next hop index: 828
Address: 0x92912c4
Next-hop reference count: 46
Next hop: 172.27.0.45 via ge-0/0/8.0, selected
Session Id: 0x5
State: <Active Int>
Local AS: 65100
Age: 26:02 Metric: 3
Validation State: unverified
Area: 0.0.0.0
Task: CE-1-OSPF
Announcement bits (1): 0-KRT
AS path: I

www.juniper.net MPLS VPNs Implementation and Troubleshooting • Lab 11–19


JNCIE Service Provider Bootcamp
TASK 3
You are required to provide internet access for vpn-1 on the R1 PE
router. You are allowed to use one static route to complete this
task.
Note
Internet access for this lab means that you
can reach routers and addresses outside
the VPN environment. You do not have a full
Internet routing table and you do not have
external EBGP peers advertising external
routes into our IBGP core. You will verify this
task by reviewing the routing tables and
using the ping utility to pass traffic from
devices in the routing instance to your core
devices in your network.

TASK INTERPRETATION
To complete this task, you must create a static route in the main instance that encompasses the
VPN networks (65.100.0.0/16) with the next-table operation pointing to vpn-1.inet.0.
Advertise this static route into your IBGP network using an export policy. This policy allows the
Internet traffic to reach to your VPN. Because you do not have any EBGP peers for R1 in this lab,
you can simply export this route by adding a new term to your next hop self policy. Alternatively,
you could create a new export policy and apply to your internal IBGP group. Next, you will create a
rib-group designed to copy the routes from the inet.0 into the vpn-1.inet.0 routing
table. Finally, you must apply this RIB group to your IBGP, OSPF, and interface routes in the main
instance.
TASK COMPLETION
• R1:
lab@R1> configure
Entering configuration mode

[edit]
lab@R1# edit routing-options

[edit routing-options]
lab@R1# set static route 65.100.0/16 next-table vpn-1.inet.0

[edit policy-options policy-statement export-vpn]


lab@R1# top edit policy-options policy-statement nhs

[edit policy-options policy-statement nhs]


lab@R1# set term 2 from protocol static route-filter 65.100/16 exact

[edit policy-options policy-statement nhs]


lab@R1# set term 2 then accept

[edit policy-options policy-statement nhs]


lab@R1# top edit routing-options

Lab 11–20 • MPLS VPNs Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp

[edit routing-options]
lab@R1# set rib-groups rib-1 import-rib [inet.0 vpn-1.inet.0]

[edit routing-options]
lab@R1# set interface-routes rib-group rib-1

[edit routing-options]
lab@R1# top edit protocols

[edit protocols]
lab@R1# set ospf rib-group rib-1

[edit protocols]
lab@R1# set bgp group internal family inet unicast rib-group rib-1

[edit protocols]
lab@R1# commit and-quit

commit complete
Exiting configuration mode

lab@R1>
TASK VERIFICATION
Begin your verification by reviewing the vpn-1.inet.0 routing table on R1 to verify that you
now have all the Internet routes. Next, verify that you have the Internet routes in the
vpn-1.inet.0 routing table on R5. While on R5, verify that you have the 65.100.0.0/16 route
in the inet.0 routing table. Once you have verified the routes are present, ping from the main
instance to the loopback address on R5 that is assigned to the routing instance. This action can
be accomplished using the ping 65.100.255.15 count 5 command. This command will
illustrate that you can pass traffic from the main instance through R1 into the VPN to R5. You
can do additional verification if you want.
• R1:
lab@R1> show route table vpn-1.inet.0 terse

vpn-1.inet.0: 51 destinations, 53 routes (51 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

A V Destination P Prf Metric 1 Metric 2 Next hop AS path


* ? 10.233.240.0/20 D 0 >ge-0/0/0.0
* ? 10.233.248.47/32 L 0 Local
* ? 65.100.0.0/24 B 170 100 0 I
unverified >172.27.0.9
172.27.0.13
* ? 65.100.0.0/30 B 170 100 11 I
unverified >172.27.0.13
? B 170 100 11 I
unverified >172.27.0.9
172.27.0.13
* ? 65.100.1.0/24 B 170 100 0 I
unverified >172.27.0.9
172.27.0.13

www.juniper.net MPLS VPNs Implementation and Troubleshooting • Lab 11–21


JNCIE Service Provider Bootcamp
* ? 65.100.2.0/24 B 170 100 0 I
unverified >172.27.0.9
172.27.0.13
* ? 65.100.3.0/24 B 170 100 0 I
unverified >172.27.0.9
172.27.0.13
* ? 65.100.4.0/24 B 170 100 0 I
unverified >172.27.0.9
172.27.0.13
* ? 65.100.5.0/24 B 170 100 0 I
unverified >172.27.0.13
* ? 65.100.6.0/24 B 170 100 0 I
unverified >172.27.0.13
* ? 65.100.7.0/24 B 170 100 0 I
unverified >172.27.0.13
* ? 65.100.8.0/24 B 170 100 0 I
unverified >172.27.0.13
* ? 65.100.9.0/24 B 170 100 0 I
unverified >172.27.0.13
* ? 65.100.10.0/24 B 170 100 65100 I
unverified 172.27.0.9
>172.27.0.13
* ? 65.100.11.0/24 B 170 100 65100 I
unverified 172.27.0.9
>172.27.0.13
* ? 65.100.12.0/24 B 170 100 65100 I
unverified 172.27.0.9
>172.27.0.13
* ? 65.100.13.0/24 B 170 100 65100 I
unverified 172.27.0.9
>172.27.0.13
* ? 65.100.14.0/24 B 170 100 65100 I
unverified 172.27.0.9
>172.27.0.13
* ? 65.100.15.0/24 B 170 100 65100 I
unverified >172.27.0.34
* ? 65.100.16.0/24 B 170 100 65100 I
unverified >172.27.0.34
* ? 65.100.17.0/24 B 170 100 65100 I
unverified >172.27.0.34
* ? 65.100.18.0/24 B 170 100 65100 I
unverified >172.27.0.34
* ? 65.100.19.0/24 B 170 100 65100 I
unverified >172.27.0.34
* ? 65.100.255.1/32 B 170 100 1 I
unverified 172.27.0.9
>172.27.0.13
* ? 65.100.255.2/32 B 170 100 1 I
unverified >172.27.0.13
* ? 65.100.255.3/32 B 170 100 65100 I
unverified 172.27.0.9
>172.27.0.13
* ? 65.100.255.4/32 B 170 100 65100 I
unverified >172.27.0.34
* ? 65.100.255.14/32 B 170 100 I

Lab 11–22 • MPLS VPNs Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
unverified >172.27.0.13
* ? 65.100.255.15/32 B 170 100 I
unverified >172.27.0.9
172.27.0.13
* ? 172.27.0.0/30 D 0 >ge-0/0/3.0
* ? 172.27.0.1/32 L 0 Local
* ? 172.27.0.4/30 O 10 2 >172.27.0.2
* ? 172.27.0.8/30 D 0 >ae0.0
* ? 172.27.0.10/32 L 0 Local
* ? 172.27.0.12/30 D 0 >ge-0/0/6.0
* ? 172.27.0.14/32 L 0 Local
* ? 172.27.0.16/30 O 10 2 >172.27.0.13
* ? 172.27.0.20/30 O 10 3 172.27.0.2
>172.27.0.13
* ? 172.27.0.24/30 O 10 2 >172.27.0.13
* ? 172.27.0.28/30 D 0 >ge-0/0/1.0
* ? 172.27.0.29/32 L 0 Local
* ? 172.27.0.32/30 D 0 >ge-0/0/2.0
? B 170 100 65100 I
unverified >172.27.0.34
* ? 172.27.0.33/32 L 0 Local
* ? 172.27.0.40/30 B 170 100 I
unverified >172.27.0.13
* ? 172.27.0.44/30 B 170 100 I
unverified 172.27.0.9
>172.27.0.13
* ? 172.27.0.48/30 B 170 100 I
unverified >172.27.0.9
172.27.0.13
* ? 172.27.255.1/32 D 0 >lo0.0
* ? 172.27.255.2/32 O 10 1 >172.27.0.2
* ? 172.27.255.3/32 O 10 1 >172.27.0.13
* ? 172.27.255.4/32 O 10 2 172.27.0.2
>172.27.0.13
* ? 172.27.255.5/32 O 10 2 >172.27.0.13

• R5:
lab@R5> show route table vpn-1.inet.0 terse

vpn-1.inet.0: 43 destinations, 52 routes (43 active, 0 holddown, 7 hidden)


+ = Active Route, - = Last Active, * = Both

A V Destination P Prf Metric 1 Metric 2 Next hop AS path


* ? 65.100.0.0/24 O 150 0 >172.27.0.46
* ? 65.100.0.0/30 O 10 11 >172.27.0.46
? B 170 100 11 I
unverified >172.27.0.21
* ? 65.100.1.0/24 O 150 0 >172.27.0.46
* ? 65.100.2.0/24 O 150 0 >172.27.0.46
* ? 65.100.3.0/24 O 150 0 >172.27.0.46
* ? 65.100.4.0/24 O 150 0 >172.27.0.46
* ? 65.100.5.0/24 B 170 100 0 I
unverified >172.27.0.21
* ? 65.100.6.0/24 B 170 100 0 I

www.juniper.net MPLS VPNs Implementation and Troubleshooting • Lab 11–23


JNCIE Service Provider Bootcamp
unverified >172.27.0.21
* ? 65.100.7.0/24 B 170 100 0 I
unverified >172.27.0.21
* ? 65.100.8.0/24 B 170 100 0 I
unverified >172.27.0.21
* ? 65.100.9.0/24 B 170 100 0 I
unverified >172.27.0.21
* ? 65.100.10.0/24 B 170 100 65100 I
unverified >172.27.0.50
* ? 65.100.11.0/24 B 170 100 65100 I
unverified >172.27.0.50
* ? 65.100.12.0/24 B 170 100 65100 I
unverified >172.27.0.50
* ? 65.100.13.0/24 B 170 100 65100 I
unverified >172.27.0.50
* ? 65.100.14.0/24 B 170 100 65100 I
unverified >172.27.0.50
* ? 65.100.15.0/24 B 170 100 65100 I
unverified >172.27.0.26
* ? 65.100.16.0/24 B 170 100 65100 I
unverified >172.27.0.26
* ? 65.100.17.0/24 B 170 100 65100 I
unverified >172.27.0.26
* ? 65.100.18.0/24 B 170 100 65100 I
unverified >172.27.0.26
* ? 65.100.19.0/24 B 170 100 65100 I
unverified >172.27.0.26
* ? 65.100.255.1/32 O 10 1 >172.27.0.46
* ? 65.100.255.2/32 B 170 100 1 I
unverified >172.27.0.21
* ? 65.100.255.3/32 B 170 100 65100 I
unverified >172.27.0.50
* ? 65.100.255.4/32 B 170 100 65100 I
unverified >172.27.0.26
* ? 65.100.255.14/32 B 170 100 I
unverified >172.27.0.21
* ? 65.100.255.15/32 D 0 >lo0.1
* ? 172.27.0.4/30 B 170 100 2 I
unverified >172.27.0.26
* ? 172.27.0.16/30 B 170 100 2 I
unverified >172.27.0.26
* ? 172.27.0.20/30 B 170 100 3 I
unverified >172.27.0.26
* ? 172.27.0.24/30 B 170 100 2 I
unverified >172.27.0.26
* ? 172.27.0.32/30 B 170 100 I
unverified >172.27.0.26
* ? 172.27.0.40/30 B 170 100 I
unverified >172.27.0.21
* ? 172.27.0.44/30 D 0 >ge-0/0/3.0
* ? 172.27.0.45/32 L 0 Local
* ? 172.27.0.48/30 D 0 >ge-0/0/4.0
? B 170 100 65100 I
unverified >172.27.0.50
* ? 172.27.0.49/32 L 0 Local

Lab 11–24 • MPLS VPNs Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
* ? 172.27.255.1/32 B 170 100 I
unverified >172.27.0.26
* ? 172.27.255.2/32 B 170 100 1 I
unverified >172.27.0.26
* ? 172.27.255.3/32 B 170 100 1 I
unverified >172.27.0.26
* ? 172.27.255.4/32 B 170 100 2 I
unverified >172.27.0.26
* ? 172.27.255.5/32 B 170 100 2 I
unverified >172.27.0.26
* ? 224.0.0.5/32 O 10 1 MultiRecv

lab@R5> show route table inet.0 terse

inet.0: 18 destinations, 18 routes (18 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

A V Destination P Prf Metric 1 Metric 2 Next hop AS path


* ? 10.233.240.0/20 D 0 >ge-0/0/0.0
* ? 10.233.248.61/32 L 0 Local
* ? 65.100.0.0/16 B 170 100 I
unverified >172.27.0.26
* ? 172.27.0.0/30 O 10 3 >172.27.0.26
172.27.0.21
* ? 172.27.0.4/30 O 10 2 >172.27.0.21
* ? 172.27.0.8/30 O 10 16 >172.27.0.21
* ? 172.27.0.12/30 O 10 2 >172.27.0.26
* ? 172.27.0.16/30 O 10 2 172.27.0.26
>172.27.0.21
* ? 172.27.0.20/30 D 0 >ge-0/0/2.0
* ? 172.27.0.22/32 L 0 Local
* ? 172.27.0.24/30 D 0 >ge-0/0/1.0
* ? 172.27.0.25/32 L 0 Local
* ? 172.27.255.1/32 O 10 2 >172.27.0.26
* ? 172.27.255.2/32 O 10 2 >172.27.0.21
* ? 172.27.255.3/32 O 10 1 >172.27.0.26
* ? 172.27.255.4/32 O 10 1 >172.27.0.21
* ? 172.27.255.5/32 D 0 >lo0.0
* ? 224.0.0.5/32 O 10 1 MultiRecv

lab@R5> ping 65.100.255.15 count 5


PING 65.100.255.15 (65.100.255.15): 56 data bytes
64 bytes from 65.100.255.15: icmp_seq=0 ttl=63 time=7.313 ms
64 bytes from 65.100.255.15: icmp_seq=1 ttl=63 time=8.306 ms
64 bytes from 65.100.255.15: icmp_seq=2 ttl=63 time=10.552 ms
64 bytes from 65.100.255.15: icmp_seq=3 ttl=63 time=10.584 ms
64 bytes from 65.100.255.15: icmp_seq=4 ttl=63 time=10.527 ms

--- 65.100.255.15 ping statistics ---


5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 7.313/9.456/10.584/1.381 ms

www.juniper.net MPLS VPNs Implementation and Troubleshooting • Lab 11–25


JNCIE Service Provider Bootcamp
Question: Are your pings successful?

Answer: Yes, you should be able to ping from the main instance
into the VPN.

TASK 4
On R1, ensure that vpn-1 traffic destined to CE-1 uses the
r1-to-r5-one LSP and traffic destined to CE-3 uses the r1-to-r5-two
LSP.
TASK INTERPRETATION
To complete this task, you must create two additional unique communities on R5. You must add
these communities to the routes learned from the each of the CE neighbors before advertising
them through MP-BGP to the other PE routers. Remember to also create and add the target
community to these routes before you accept and advertise them to your MP-BGP peers.
Remember to include the direct routes when adding the communities to the BGP routes. To add
additional communities to your MP-BGP routes, you must manually create a vrf-export and
vrf-import policies on R5, and remove the vrf-target statement.
You must then create a policy on R1 to alter the next-hop LSP in the forwarding table based on
which community tag is present in the BGP route.You must define the communities and values
on R1 also.
TASK COMPLETION
• R5:
lab@R5> configure
Entering configuration mode

[edit]
lab@R5# edit policy-options

[edit policy-options]
lab@R5# set community vpn-1 members target:65100:100

[edit policy-options]
lab@R5# set community ce-1 members 65100:1

[edit policy-options]
lab@R5# set community ce-3 members 65100:3

[edit policy-options]
lab@R5# edit policy-statement vpn-export

[edit policy-options policy-statement vpn-export]


lab@R5# set term 1 from protocol ospf

[edit policy-options policy-statement vpn-export]


lab@R5# set term 1 from protocol direct

[edit policy-options policy-statement vpn-export]


lab@R5# set term 1 from route-filter 65.100.0/16 orlonger

Lab 11–26 • MPLS VPNs Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp

[edit policy-options policy-statement vpn-export]


lab@R5# set term 1 from route-filter 172.27.0.44/30 exact

[edit policy-options policy-statement vpn-export]


lab@R5# set term 1 then community add ce-1

[edit policy-options policy-statement vpn-export]


lab@R5# set term 1 then community add vpn-1

[edit policy-options policy-statement vpn-export]


lab@R5# set term 1 then accept

[edit policy-options policy-statement vpn-export]


lab@R5# set term 2 from protocol bgp neighbor 172.27.0.50

[edit policy-options policy-statement vpn-export]


lab@R5# set term 2 from protocol direct

[edit policy-options policy-statement vpn-export]


lab@R5# set term 2 from route-filter 65.100.0/16 orlonger

[edit policy-options policy-statement vpn-export]


lab@R5# set term 2 from route-filter 172.27.0.48/30 exact

[edit policy-options policy-statement vpn-export]


lab@R5# set term 2 then community add ce-3

[edit policy-options policy-statement vpn-export]


lab@R5# set term 2 then community add vpn-1

[edit policy-options policy-statement vpn-export]


lab@R5# set then accept

[edit policy-options policy-statement vpn-export]


lab@R5# top edit policy-options policy-statement vpn-import

[edit policy-options policy-statement vpn-import]


lab@R5# set term 1 from protocol bgp

[edit policy-options policy-statement vpn-import]


lab@R5# set term 1 from community vpn-1

[edit policy-options policy-statement vpn-import]


lab@R5# set term 1 then accept

[edit policy-options policy-statement vpn-import]


lab@R5# top edit routing-instances vpn-1

[edit routing-instances vpn-1]


lab@R5# delete vrf-target

[edit routing-instances vpn-1]


lab@R5# set vrf-export vpn-export

www.juniper.net MPLS VPNs Implementation and Troubleshooting • Lab 11–27


JNCIE Service Provider Bootcamp
[edit routing-instances vpn-1]
lab@R5# set vrf-import vpn-import

[edit routing-instances vpn-1]


lab@R5# commit and-quit

commit complete
Exiting configuration mode

lab@R5>
• R1:
lab@R1> configure
Entering configuration mode

[edit]
lab@R1# edit policy-options

[edit policy-options]
lab@R1# set community ce-1 members 65100:1

[edit policy-options]
lab@R1# set community ce-3 members 65100:3

[edit policy-options]
lab@R1# edit policy-statement set-lsp

[edit policy-options policy-statement set-lsp]


lab@R1# set term 1 from protocol bgp

[edit policy-options policy-statement set-lsp]


lab@R1# set term 1 from community ce-1

[edit policy-options policy-statement set-lsp]


lab@R1# set term 1 then install-nexthop lsp r1-to-r5-one

[edit policy-options policy-statement set-lsp]


lab@R1# set term 1 then accept

[edit policy-options policy-statement set-lsp]


lab@R1# set term 2 from protocol bgp

[edit policy-options policy-statement set-lsp]


lab@R1# set term 2 from community ce-3

[edit policy-options policy-statement set-lsp]


lab@R1# set term 2 then install-nexthop lsp r1-to-r5-two

[edit policy-options policy-statement set-lsp]


lab@R1# set term 2 then accept

[edit policy-options policy-statement set-lsp]


lab@R1# top

Lab 11–28 • MPLS VPNs Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
[edit]
lab@R1# set routing-options forwarding-table export set-lsp

[edit]
lab@R1# commit and-quit

commit complete
Exiting configuration mode

lab@R1>
TASK VERIFICATION
You can easily verify this task on R1 by reviewing the selected next hops for the CE prefixes
advertised by the R5 router in the VRF routing table. Routes from CE-1 should show only a
next-hop of LSP r1-to-r5-one and routes learned from CE-3 should show only the
next-hop of r1-to-r5-two.
• R1:
lab@R1> show route table vpn-1.inet.0

vpn-1.inet.0: 51 destinations, 53 routes (51 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

10.233.240.0/20 *[Direct/0] 00:08:12


> via ge-0/0/0.0
10.233.248.47/32 *[Local/0] 00:08:12
Local via ge-0/0/0.0
65.100.0.0/24 *[BGP/170] 00:01:24, MED 0, localpref 100, from 172.27.255.5
AS path: I, validation-state: unverified
to 172.27.0.9 via ae0.0, label-switched-path r1-to-r5-one
65.100.0.0/30 *[BGP/170] 00:36:05, MED 11, localpref 100, from 172.27.255.4
AS path: I, validation-state: unverified
> to 172.27.0.13 via ge-0/0/6.0, label-switched-path r1-to-r4
[BGP/170] 00:01:23, MED 11, localpref 100, from 172.27.255.5
AS path: I, validation-state: unverified
to 172.27.0.9 via ae0.0, label-switched-path r1-to-r5-one
65.100.1.0/24 *[BGP/170] 00:01:24, MED 0, localpref 100, from 172.27.255.5
AS path: I, validation-state: unverified
to 172.27.0.9 via ae0.0, label-switched-path r1-to-r5-one
65.100.2.0/24 *[BGP/170] 00:01:24, MED 0, localpref 100, from 172.27.255.5
AS path: I, validation-state: unverified
to 172.27.0.9 via ae0.0, label-switched-path r1-to-r5-one
65.100.3.0/24 *[BGP/170] 00:01:24, MED 0, localpref 100, from 172.27.255.5
AS path: I, validation-state: unverified
to 172.27.0.9 via ae0.0, label-switched-path r1-to-r5-one
65.100.4.0/24 *[BGP/170] 00:01:24, MED 0, localpref 100, from 172.27.255.5
AS path: I, validation-state: unverified
to 172.27.0.9 via ae0.0, label-switched-path r1-to-r5-one
65.100.5.0/24 *[BGP/170] 00:36:05, MED 0, localpref 100, from 172.27.255.4
AS path: I, validation-state: unverified
> to 172.27.0.13 via ge-0/0/6.0, label-switched-path r1-to-r4
65.100.6.0/24 *[BGP/170] 00:36:05, MED 0, localpref 100, from 172.27.255.4
AS path: I, validation-state: unverified
> to 172.27.0.13 via ge-0/0/6.0, label-switched-path r1-to-r4

www.juniper.net MPLS VPNs Implementation and Troubleshooting • Lab 11–29


JNCIE Service Provider Bootcamp
65.100.7.0/24 *[BGP/170] 00:36:05, MED 0, localpref 100, from 172.27.255.4
AS path: I, validation-state: unverified
> to 172.27.0.13 via ge-0/0/6.0, label-switched-path r1-to-r4
65.100.8.0/24 *[BGP/170] 00:36:05, MED 0, localpref 100, from 172.27.255.4
AS path: I, validation-state: unverified
> to 172.27.0.13 via ge-0/0/6.0, label-switched-path r1-to-r4
65.100.9.0/24 *[BGP/170] 00:36:05, MED 0, localpref 100, from 172.27.255.4
AS path: I, validation-state: unverified
> to 172.27.0.13 via ge-0/0/6.0, label-switched-path r1-to-r4
65.100.10.0/24 *[BGP/170] 00:01:23, localpref 100, from 172.27.255.5
AS path: 65100 I, validation-state: unverified
to 172.27.0.13 via ge-0/0/6.0, label-switched-path
r1-to-r5-two
65.100.11.0/24 *[BGP/170] 00:01:23, localpref 100, from 172.27.255.5
AS path: 65100 I, validation-state: unverified
to 172.27.0.13 via ge-0/0/6.0, label-switched-path
r1-to-r5-two
65.100.12.0/24 *[BGP/170] 00:01:23, localpref 100, from 172.27.255.5
AS path: 65100 I, validation-state: unverified
to 172.27.0.13 via ge-0/0/6.0, label-switched-path
r1-to-r5-two
65.100.13.0/24 *[BGP/170] 00:01:23, localpref 100, from 172.27.255.5
AS path: 65100 I, validation-state: unverified
to 172.27.0.13 via ge-0/0/6.0, label-switched-path
r1-to-r5-two
65.100.14.0/24 *[BGP/170] 00:01:23, localpref 100, from 172.27.255.5
AS path: 65100 I, validation-state: unverified
to 172.27.0.13 via ge-0/0/6.0, label-switched-path
r1-to-r5-two
65.100.15.0/24 *[BGP/170] 00:45:16, localpref 100
AS path: 65100 I, validation-state: unverified
> to 172.27.0.34 via ge-0/0/2.0
65.100.16.0/24 *[BGP/170] 00:45:16, localpref 100
AS path: 65100 I, validation-state: unverified
> to 172.27.0.34 via ge-0/0/2.0
65.100.17.0/24 *[BGP/170] 00:45:16, localpref 100
AS path: 65100 I, validation-state: unverified
> to 172.27.0.34 via ge-0/0/2.0
65.100.18.0/24 *[BGP/170] 00:45:16, localpref 100
AS path: 65100 I, validation-state: unverified
> to 172.27.0.34 via ge-0/0/2.0
65.100.19.0/24 *[BGP/170] 00:45:16, localpref 100
AS path: 65100 I, validation-state: unverified
> to 172.27.0.34 via ge-0/0/2.0
65.100.255.1/32 *[BGP/170] 00:01:23, MED 1, localpref 100, from 172.27.255.5
AS path: I, validation-state: unverified
to 172.27.0.9 via ae0.0, label-switched-path r1-to-r5-one
65.100.255.2/32 *[BGP/170] 00:36:05, MED 1, localpref 100, from 172.27.255.4
AS path: I, validation-state: unverified
> to 172.27.0.13 via ge-0/0/6.0, label-switched-path r1-to-r4
65.100.255.3/32 *[BGP/170] 00:01:23, localpref 100, from 172.27.255.5
AS path: 65100 I, validation-state: unverified
to 172.27.0.13 via ge-0/0/6.0, label-switched-path
r1-to-r5-two

Lab 11–30 • MPLS VPNs Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
65.100.255.4/32 *[BGP/170] 00:45:16, localpref 100
AS path: 65100 I, validation-state: unverified
> to 172.27.0.34 via ge-0/0/2.0
65.100.255.14/32 *[BGP/170] 00:36:05, localpref 100, from 172.27.255.4
AS path: I, validation-state: unverified
> to 172.27.0.13 via ge-0/0/6.0, label-switched-path r1-to-r4
65.100.255.15/32 *[BGP/170] 00:01:23, localpref 100, from 172.27.255.5
AS path: I, validation-state: unverified
to 172.27.0.9 via ae0.0, label-switched-path r1-to-r5-one
172.27.0.0/30 *[Direct/0] 00:08:12
> via ge-0/0/3.0
172.27.0.1/32 *[Local/0] 00:08:12
Local via ge-0/0/3.0
172.27.0.4/30 *[OSPF/10] 00:08:12, metric 2
> to 172.27.0.2 via ge-0/0/3.0
172.27.0.8/30 *[Direct/0] 00:08:12
> via ae0.0
172.27.0.10/32 *[Local/0] 00:08:12
Local via ae0.0
172.27.0.12/30 *[Direct/0] 00:08:12
> via ge-0/0/6.0
172.27.0.14/32 *[Local/0] 00:08:12
Local via ge-0/0/6.0
172.27.0.16/30 *[OSPF/10] 00:08:12, metric 2
> to 172.27.0.13 via ge-0/0/6.0
172.27.0.20/30 *[OSPF/10] 00:08:12, metric 3
to 172.27.0.2 via ge-0/0/3.0
> to 172.27.0.13 via ge-0/0/6.0
172.27.0.24/30 *[OSPF/10] 00:08:12, metric 2
> to 172.27.0.13 via ge-0/0/6.0
172.27.0.28/30 *[Direct/0] 00:08:12
> via ge-0/0/1.0
172.27.0.29/32 *[Local/0] 00:08:12
Local via ge-0/0/1.0
172.27.0.32/30 *[Direct/0] 01:27:09
> via ge-0/0/2.0
[BGP/170] 00:45:16, localpref 100
AS path: 65100 I, validation-state: unverified
> to 172.27.0.34 via ge-0/0/2.0
172.27.0.33/32 *[Local/0] 01:27:09
Local via ge-0/0/2.0
172.27.0.40/30 *[BGP/170] 00:36:05, localpref 100, from 172.27.255.4
AS path: I, validation-state: unverified
> to 172.27.0.13 via ge-0/0/6.0, label-switched-path r1-to-r4
172.27.0.44/30 *[BGP/170] 00:01:23, localpref 100, from 172.27.255.5
AS path: I, validation-state: unverified
to 172.27.0.9 via ae0.0, label-switched-path r1-to-r5-one
172.27.0.48/30 *[BGP/170] 00:01:23, localpref 100, from 172.27.255.5
AS path: I, validation-state: unverified
to 172.27.0.13 via ge-0/0/6.0, label-switched-path
r1-to-r5-two
172.27.255.1/32 *[Direct/0] 00:08:12
> via lo0.0
172.27.255.2/32 *[OSPF/10] 00:08:12, metric 1
> to 172.27.0.2 via ge-0/0/3.0

www.juniper.net MPLS VPNs Implementation and Troubleshooting • Lab 11–31


JNCIE Service Provider Bootcamp
172.27.255.3/32 *[OSPF/10] 00:08:12, metric 1
> to 172.27.0.13 via ge-0/0/6.0
172.27.255.4/32 *[OSPF/10] 00:08:12, metric 2
to 172.27.0.2 via ge-0/0/3.0
> to 172.27.0.13 via ge-0/0/6.0
172.27.255.5/32 *[OSPF/10] 00:08:12, metric 2
> to 172.27.0.13 via ge-0/0/6.0
TASK 5
Configure a VPLS Layer 2 VPN called vpn-2 between CE-5 and CE-6
using VLAN 200. Make sure the VPN uses the VPN RFC 4448
encapsulation and uses BGP as the VPN signalling protocol. The
maximum number of MAC addresses learned by the VPLS domain should be
limited to 500 on each PE-CE link. Ensure that broadcast and
multicast traffic will be policed to 50 Mbps for all sites before
entering the MPLS domain.
TASK INTERPRETATION
To complete this task, you must configure the CE-facing interface with the correct properties.
Because the VLAN requirement is outside the normal VPLS VLAN range, you must configure the
encapsulation to be extended-vlan-vpls. Ensure that you configure your IBGP peering to
accept and send the VPLS NLRIs.
Next, you must configure the routing instance for vpn-2 and include the proper interface.
Define a Type 1 route distinguisher using the local loopback address to uniquely identify source
of the advertisements. Define a Type 1 VPN route target using your local AS number. You must
add the “L” at the end of the AS number to indicate that you are using a 4-byte AS. After defining
the standard properties, configure the VPLS protocol information.
For the VPLS protocol, you must define a site name, site ranges, and local site identifier. Because
you do not have a tunnel services PIC, you must configure the no-tunnel-services option.
The next requirement is that no more than 500 MAC addresses can be learned on any CE-PE
interface. You must specify the interface-mac-limit option for VPLS.
Finally, the last requirement is that you police all VPLS broadcast and multicast traffic entering
your MPLS network. You must configure a firewall policer and filter. Then this filter must be
applied in your VPLS instance.
TASK COMPLETION
• R2:
lab@R2> configure
Entering configuration mode

[edit]
lab@R2# set interfaces ge-0/0/3 vlan-tagging

[edit]
lab@R2# set interfaces ge-0/0/3 encapsulation extended-vlan-vpls

[edit]
lab@R2# set interfaces ge-0/0/3 unit 200 vlan-id 200 family vpls

Lab 11–32 • MPLS VPNs Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
[edit]
lab@R2# edit protocols bgp group internal

[edit protocols bgp group internal]


lab@R2# set family inet unicast

[edit protocols bgp group internal]


lab@R2# set family l2vpn signaling

[edit protocols bgp group internal]


lab@R2# top edit routing-instances vpn-2

[edit routing-instances vpn-2]


lab@R2# set instance-type vpls

[edit routing-instances vpn-2]


lab@R2# set interface ge-0/0/3.200

[edit routing-instances vpn-2]


lab@R2# set route-distinguisher 172.27.255.2:200

[edit routing-instances vpn-2]


lab@R2# set vrf-target target:3895077211L:200

[edit routing-instances vpn-2]


lab@R2# set protocols vpls site-range 10

[edit routing-instances vpn-2]


lab@R2# set protocols vpls no-tunnel-services

[edit routing-instances vpn-2]


lab@R2# edit protocols vpls

[edit routing-instances vpn-2 protocols vpls]


lab@R2# set site ce-5 site-identifier 5

[edit routing-instances vpn-2 protocols vpls]


lab@R2# set interface-mac-limit 500

[edit routing-instances vpn-2 protocols vpls]


lab@R2# top edit firewall

[edit firewall]
lab@R2# set policer policer-1 if-exceeding bandwidth-limit 50m

[edit firewall]
lab@R2# set policer policer-1 if-exceeding burst-size-limit 1m

[edit firewall]
lab@R2# set policer policer-1 then discard

[edit firewall]
lab@R2# edit family vpls filter police-vpls

www.juniper.net MPLS VPNs Implementation and Troubleshooting • Lab 11–33


JNCIE Service Provider Bootcamp
[edit firewall family vpls filter police-vpls]
lab@R2# set term 1 then policer policer-1

[edit firewall family vpls filter police-vpls]


lab@R2# top edit routing-instances vpn-2 forwarding-options

[edit routing-instances vpn-2 forwarding-options]


lab@R2# set family vpls flood input police-vpls

[edit routing-instances vpn-2 forwarding-options]


lab@R2# commit and-quit

commit complete
Exiting configuration mode

lab@R2>

• R5:
lab@R5> configure
Entering configuration mode

[edit]
lab@R5# set interfaces ge-0/0/5 vlan-tagging

[edit]
lab@R5# set interfaces ge-0/0/5 encapsulation extended-vlan-vpls

[edit]
lab@R5# set interfaces ge-0/0/5 unit 200 vlan-id 200 family vpls

[edit]
lab@R5# edit protocols bgp group internal

[edit protocols bgp group internal]


lab@R5# set family l2vpn signaling

[edit protocols bgp group internal]


lab@R5# top edit routing-instances vpn-2

[edit routing-instances vpn-2]


lab@R5# set instance-type vpls

[edit routing-instances vpn-2]


lab@R5# set interface ge-0/0/5.200

[edit routing-instances vpn-2]


lab@R5# set route-distinguisher 172.27.255.5:200

[edit routing-instances vpn-2]


lab@R5# set vrf-target target:3895077211L:200

[edit routing-instances vpn-2]


lab@R5# edit protocols vpls

Lab 11–34 • MPLS VPNs Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
[edit routing-instances vpn-2 protocols vpls]
lab@R5# set site-range 10

[edit routing-instances vpn-2 protocols vpls]


lab@R5# set no-tunnel-services

[edit routing-instances vpn-2 protocols vpls]


lab@R5# set site ce-6 site-identifier 6

[edit routing-instances vpn-2 protocols vpls]


lab@R5# set interface-mac-limit 500

[edit routing-instances vpn-2 protocols vpls]


lab@R5# top edit firewall

[edit firewall]
lab@R5# set policer policer-1 if-exceeding bandwidth-limit 50m

[edit firewall]
lab@R5# set policer policer-1 if-exceeding burst-size-limit 1m

[edit firewall]
lab@R5# set policer policer-1 then discard

[edit firewall]
lab@R5# edit family vpls filter police-vpls

[edit firewall family vpls filter police-vpls]


lab@R5# set term 1 then policer policer-1

[edit firewall family vpls filter police-vpls]


lab@R5# top edit routing-instances vpn-2 forwarding-options

[edit routing-instances vpn-2 forwarding-options]


lab@R5# set family vpls flood input police-vpls

[edit routing-instances vpn-2 forwarding-options]


lab@R5# commit and-quit

commit complete
Exiting configuration mode

lab@R5>
TASK VERIFICATION
Begin your verification on R2 by reviewing the VPLS connections. After verifying that your VPLS
session is up and functioning, move to the VR-device and use the ping utility to ping through your
newly created VPLS connection.
• R2:
lab@R2> show vpls connections
Layer-2 VPN connections:

Legend for connection status (St)


EI -- encapsulation invalid NC -- interface encapsulation not CCC/TCC/VPLS

www.juniper.net MPLS VPNs Implementation and Troubleshooting • Lab 11–35


JNCIE Service Provider Bootcamp
EM -- encapsulation mismatch WE -- interface and instance encaps not same
VC-Dn -- Virtual circuit down NP -- interface hardware not present
CM -- control-word mismatch -> -- only outbound connection is up
CN -- circuit not provisioned <- -- only inbound connection is up
OR -- out of range Up -- operational
OL -- no outgoing label Dn -- down
LD -- local site signaled down CF -- call admission control failure
RD -- remote site signaled down SC -- local and remote site ID collision
LN -- local site not designated LM -- local site ID not minimum designated
RN -- remote site not designated RM -- remote site ID not minimum designated
XX -- unknown connection status IL -- no incoming label
MM -- MTU mismatch MI -- Mesh-Group ID not available
BK -- Backup connection ST -- Standby connection
PF -- Profile parse failure PB -- Profile busy
RS -- remote site standby SN -- Static Neighbor

Legend for interface status


Up -- operational
Dn -- down

Instance: vpn-2
Local site: ce-5 (5)
connection-site Type St Time last up # Up trans
6 rmt Up Jan 27 02:30:21 2015 1
Remote PE: 172.27.255.5, Negotiated control-word: No
Incoming label: 262150, Outgoing label: 262157
Local interface: lsi.1048576, Status: Up, Encapsulation: VPLS
Description: Intf - vpls vpn-2 local site 5 remote site 6

• VR-device:
lab@vr-device> ping 51.100.0.2 routing-instance CE-5 count 5
PING 51.100.0.2 (51.100.0.2): 56 data bytes
64 bytes from 51.100.0.2: icmp_seq=0 ttl=64 time=10.073 ms
64 bytes from 51.100.0.2: icmp_seq=1 ttl=64 time=10.594 ms
64 bytes from 51.100.0.2: icmp_seq=2 ttl=64 time=11.183 ms
64 bytes from 51.100.0.2: icmp_seq=3 ttl=64 time=7.548 ms
64 bytes from 51.100.0.2: icmp_seq=4 ttl=64 time=14.563 ms

--- 51.100.0.2 ping statistics ---


5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 7.548/10.792/14.563/2.256 ms

TASK 6
You must extend vpn-3 connecting CE-7 to CE-8 using a inter-provider
solution with ISP-A. You must not configure a routing instance on
R3. The address of the remote PE will be learned from ISP-A. The
Remote PE is using the route target value of target:60001:101. Use
the information in the lab diagram for this lab to complete this
task.

Lab 11–36 • MPLS VPNs Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
TASK INTERPRETATION
To complete this task, you must configure an inter-provider VPN using Option C because you
cannot use R3 as a PE device. The R3 can be only an ASBR and you must configure an external
BGP peering to ISP-A’s ASBR. Your R1 router will be the PE, using multihop EBGP peering to
establish the MP-BGP neighborship with ISP-A.
Because you must learn the remote PEs address through BGP, start by configuring R3’s EBGP
peering to ISP-A. You must create a policy to advertise the loopback address for R1 to ISP-A. You
must include both the inet.0 route and the inet.3 route in your policy. You must enable
family inet labeled-unicast rib inet.3 on all BGP peerings between R1 and
ISP-A, to maintain the label and advertise the inet.3 route as well as unlabeled routes.
Remember that you also need regular inet unicast routes. To exchange inet.3 routes with ISP-A,
you must enable family mpls on your interface that connects R3 to ISP-A.
Begin your configuration of R1 by creating your routing instance and configuring the parameters
for the VPN. After configuring the VPN, create your multi-hop EBGP peering to the ISP-A router.
The easiest way to determine what the neighbor address will be is to review your inet.0
routing table for an entry in the ISP-A’s network. Once you have this address, configure the
required properties for your multihop EBGP session. Because this session will be carrying the
VPN routes, make sure that you enable the proper NLRIs.
TASK COMPLETION
• R3:
lab@R3> configure
Entering configuration mode

[edit]
lab@R3# set interfaces ge-0/0/4 unit 0 family mpls

[edit]
lab@R3# edit protocols bgp group internal

[edit protocols bgp group internal]


lab@R3# set family inet unicast

[edit protocols bgp group internal]


lab@R3# set family inet labeled-unicast rib inet.3

[edit protocols bgp group internal]


lab@R3# top edit protocols bgp group external

[edit protocols bgp group external]


lab@R3# set type external

[edit protocols bgp group external]


lab@R3# set neighbor 172.27.0.58 peer-as 60001

[edit protocols bgp group external]


lab@R3# set family inet labeled-unicast rib inet.3

[edit protocols bgp group external]


lab@R3# set family inet unicast

www.juniper.net MPLS VPNs Implementation and Troubleshooting • Lab 11–37


JNCIE Service Provider Bootcamp
[edit protocols bgp group external]
lab@R3# top edit policy-options policy-statement export-loopback

[edit policy-options policy-statement export-loopback]


lab@R3# set term 1 from protocol ospf

[edit policy-options policy-statement export-loopback]


lab@R3# set term 1 from route-filter 172.27.255.1 exact

[edit policy-options policy-statement export-loopback]


lab@R3# set term 1 then accept

[edit policy-options policy-statement export-loopback]


lab@R3# set term 2 from rib inet.3

[edit policy-options policy-statement export-loopback]


lab@R3# set term 2 from route-filter 172.27.255.1/32 exact

[edit policy-options policy-statement export-loopback]


lab@R3# set term 2 then accept

[edit policy-options policy-statement export-loopback]


lab@R3# set term 3 then reject

[edit policy-options policy-statement export-loopback]


lab@R3# top edit protocols bgp

[edit protocols bgp]


lab@R3# set group external export export-loopback

[edit protocols bgp]


lab@R3# commit and-quit

commit complete
Exiting configuration mode

lab@R3>
• R1:
lab@R1> configure
Entering configuration mode

[edit]
lab@R1# edit routing-instances vpn-3

[edit routing-instances vpn-3]


lab@R1# set instance-type vrf

[edit routing-instances vpn-3]


lab@R1# set interface ge-0/0/1

[edit routing-instances vpn-3]


lab@R1# set route-distinguisher 172.27.255.1:500

Lab 11–38 • MPLS VPNs Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
[edit routing-instances vpn-3]
lab@R1# set vrf-target target:60001:101

[edit routing-instances vpn-3]


lab@R1# edit protocols bgp

[edit routing-instances vpn-3 protocols bgp]


lab@R1# set group external type external

[edit routing-instances vpn-3 protocols bgp]


lab@R1# set group external neighbor 172.27.0.30

[edit routing-instances vpn-3 protocols bgp]


lab@R1# set group external peer-as 50001

[edit routing-instances vpn-3 protocols bgp]


lab@R1# top edit protocols bgp group internal

[edit protocols bgp group internal]


lab@R1# set family inet labeled-unicast rib inet.3

[edit protocols bgp group internal]


lab@R1# up

[edit protocols bgp]


lab@R1# edit group isp-a

[edit protocols bgp group isp-a]


lab@R1# set type external

[edit protocols bgp group isp-a]


lab@R1# set multihop

[edit protocols bgp group isp-a]


lab@R1# set local-address 172.27.255.1

[edit protocols bgp group isp-a]


lab@R1# set family inet unicast

[edit protocols bgp group isp-a]


lab@R1# set family inet-vpn unicast

[edit protocols bgp group isp-a]


lab@R1# set peer-as 60001

[edit protocols bgp group isp-a]


lab@R1# set neighbor 95.100.255.2

[edit protocols bgp group isp-a]


lab@R1# commit and-quit

commit complete
Exiting configuration mode

lab@R1>

www.juniper.net MPLS VPNs Implementation and Troubleshooting • Lab 11–39


JNCIE Service Provider Bootcamp
TASK VERIFICATION
Begin your verification on R3 by checking that the EBGP session is established to ISP-A. Next,
make sure that you have the remote PE’s loopback address in your inet.3 routing table on R3.
After verifying R3, move to R1 and verify that your multi-hop EBGP peering is established to the
remote PE. You can also use the same output to verify that your PE to CE BGP peering is
established and working. Next, verify that you have the loopback address in your inet.3 routing
table. The next table you want to verify is the VRF routing table. Finally, move to the VR-device
and verify reachability by pinging 85.100.255.1 from the CE-7 routing instance.
• R3:
lab@R3> show bgp summary
Groups: 2 Peers: 5 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 2 2 0 0 0 0
inet.3 1 1 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
172.27.0.58 60001 1720 1731 0 0 13:07:22 Establ
inet.0: 1/1/1/0
inet.3: 1/1/1/0
172.27.255.1 3895077211 1644 1658 0 0 12:33:41 Establ
inet.0: 1/1/1/0
inet.3: 0/0/0/0
172.27.255.2 3895077211 1654 1655 0 0 12:33:37 Establ
inet.0: 0/0/0/0
172.27.255.4 3895077211 1656 1654 0 0 12:33:33 Establ
inet.0: 0/0/0/0
172.27.255.5 3895077211 1651 1654 0 0 12:33:29 Establ
inet.0: 0/0/0/0

lab@R3> show route table inet.3

inet.3: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

95.100.255.2/32 *[BGP/170] 00:13:47, MED 1, localpref 100


AS path: 60001 I, validation-state: unverified
> to 172.27.0.58 via ge-0/0/4.0, Push 299808
172.27.255.1/32 *[RSVP/7/1] 21:37:55, metric 1
> to 172.27.0.14 via ge-0/0/1.0, label-switched-path r3-to-r1
172.27.255.4/32 *[RSVP/7/1] 21:37:21, metric 1
> to 172.27.0.14 via ge-0/0/1.0, label-switched-path r3-to-r4
172.27.255.5/32 *[RSVP/7/1] 21:37:49, metric 1
> to 172.27.0.25 via ge-0/0/3.0, label-switched-path r3-to-r5

• R1:
lab@R1> show bgp summary
Groups: 4 Peers: 7 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 1 1 0 0 0 0
bgp.l3vpn.0 42 42 0 0 0 0
inet.3 1 1 0 0 0 0

Lab 11–40 • MPLS VPNs Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn
State|#Active/Received/Accepted/Damped...
95.100.255.2 60001 1681 1691 0 0 12:50:22 Establ
inet.0: 0/0/0/0
bgp.l3vpn.0: 6/6/6/0
vpn-3.inet.0: 6/6/6/0
172.27.0.30 50001 1704 1706 0 0 13:01:17 Establ
vpn-3.inet.0: 5/5/5/0
172.27.0.34 65100 2848 3431 0 0 21:40:49 Establ
vpn-1.inet.0: 6/7/7/0
172.27.255.2 3895077211 1689 1676 0 0 12:48:14 Establ
inet.0: 0/0/0/0
172.27.255.3 3895077211 1665 1650 0 1 12:36:28 Establ
inet.0: 1/1/1/0
inet.3: 1/1/1/0
172.27.255.4 3895077211 1698 1687 0 0 12:50:31 Establ
inet.0: 0/0/0/0
bgp.l3vpn.0: 9/9/9/0
vpn-1.inet.0: 9/9/9/0
172.27.255.5 3895077211 1695 1686 0 0 12:50:27 Establ
inet.0: 0/0/0/0
bgp.l3vpn.0: 16/16/16/0
vpn-1.inet.0: 15/16/16/0

lab@R1> show route table inet.3

inet.3: 5 destinations, 6 routes (5 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

95.100.255.2/32 *[BGP/170] 00:03:37, MED 1, localpref 100


AS path: 60001 I, validation-state: unverified
> to 172.27.0.58 via ge-0/0/4.0, Push 299808
172.27.255.2/32 *[LDP/9] 19:38:06, metric 1
> to 172.27.0.2 via ge-0/0/3.0
172.27.255.3/32 *[RSVP/7/1] 21:40:44, metric 1
> to 172.27.0.13 via ge-0/0/6.0, label-switched-path r1-to-r3
172.27.255.4/32 *[RSVP/7/1] 21:40:20, metric 2
> to 172.27.0.9 via ae0.0, label-switched-path r1-to-r4
[LDP/9] 19:38:06, metric 1
> to 172.27.0.2 via ge-0/0/3.0, Push 299776
172.27.255.5/32 *[RSVP/7/1] 21:40:22, metric 2
to 172.27.0.9 via ae0.0, label-switched-path r1-to-r5-one
> to 172.27.0.13 via ge-0/0/6.0, label-switched-path
r1-to-r5-two

lab@R1> show route table vpn-3.inet.0

vpn-3.inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)


+ = Active Route, - = Last Active, * = Both

85.100.0.0/24 *[BGP/170] 00:12:49, localpref 100


AS path: 50001 I, validation-state: unverified
> to 172.27.0.30 via ge-0/0/1.0
85.100.1.0/24 *[BGP/170] 00:12:49, localpref 100
AS path: 50001 I, validation-state: unverified

www.juniper.net MPLS VPNs Implementation and Troubleshooting • Lab 11–41


JNCIE Service Provider Bootcamp
> to 172.27.0.30 via ge-0/0/1.0
85.100.2.0/24 *[BGP/170] 00:12:49, localpref 100
AS path: 50001 I, validation-state: unverified
> to 172.27.0.30 via ge-0/0/1.0
85.100.3.0/24 *[BGP/170] 00:12:49, localpref 100
AS path: 50001 I, validation-state: unverified
> to 172.27.0.30 via ge-0/0/1.0
85.100.4.0/24 *[BGP/170] 00:12:49, localpref 100
AS path: 50001 I, validation-state: unverified
> to 172.27.0.30 via ge-0/0/1.0
85.100.5.0/24 *[BGP/170] 00:12:26, localpref 100, from 95.100.255.2
AS path: 60001 I, validation-state: unverified
> to 172.27.0.13 via ge-0/0/6.0, label-switched-path r1-to-r3
85.100.6.0/24 *[BGP/170] 00:12:26, localpref 100, from 95.100.255.2
AS path: 60001 I, validation-state: unverified
> to 172.27.0.13 via ge-0/0/6.0, label-switched-path r1-to-r3
85.100.7.0/24 *[BGP/170] 00:12:26, localpref 100, from 95.100.255.2
AS path: 60001 I, validation-state: unverified
> to 172.27.0.13 via ge-0/0/6.0, label-switched-path r1-to-r3
85.100.8.0/24 *[BGP/170] 00:12:26, localpref 100, from 95.100.255.2
AS path: 60001 I, validation-state: unverified
> to 172.27.0.13 via ge-0/0/6.0, label-switched-path r1-to-r3
85.100.9.0/24 *[BGP/170] 00:12:26, localpref 100, from 95.100.255.2
AS path: 60001 I, validation-state: unverified
> to 172.27.0.13 via ge-0/0/6.0, label-switched-path r1-to-r3
85.100.255.1/32 *[BGP/170] 00:12:26, localpref 100, from 95.100.255.2
AS path: 60001 I, validation-state: unverified
> to 172.27.0.13 via ge-0/0/6.0, label-switched-path r1-to-r3
172.27.0.28/30 *[Direct/0] 00:12:53
> via ge-0/0/1.0
172.27.0.29/32 *[Local/0] 00:12:53
Local via ge-0/0/1.0

• VR-device:
lab@vr-device> ping 85.100.255.1 routing-instance CE-7 count 5
PING 85.100.255.1 (85.100.255.1): 56 data bytes
64 bytes from 85.100.255.1: icmp_seq=0 ttl=64 time=12.549 ms
64 bytes from 85.100.255.1: icmp_seq=1 ttl=64 time=18.650 ms
64 bytes from 85.100.255.1: icmp_seq=2 ttl=64 time=8.579 ms
64 bytes from 85.100.255.1: icmp_seq=3 ttl=64 time=9.561 ms
64 bytes from 85.100.255.1: icmp_seq=4 ttl=64 time=7.556 ms

--- 85.100.255.1 ping statistics ---


5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 7.556/11.379/18.650/4.000 ms

Question: Do your pings complete?

Answer: Yes, you should have reachability to the remote CE-8


network.

Lab 11–42 • MPLS VPNs Implementation and Troubleshooting www.juniper.net


JNCIE Service Provider Bootcamp

STOP Tell your instructor that you have completed this lab.

www.juniper.net MPLS VPNs Implementation and Troubleshooting • Lab 11–43


JNCIE Service Provider Bootcamp

Lab 11–44 • MPLS VPNs Implementation and Troubleshooting www.juniper.net

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy