JNCIE-SP v1.1 workbook (2017) - iNETZERO : … JNCIE, JNCIP-ENT, JNCIS-SEC, Nortel NNCSS. For...

JNCIE-SP v1.1 workbook (2017) Demo workbook

Why this demo workbook?

This workbook is intended to give you an idea of what the

purched workbook looks like, and the way the original workbook

teaches you the curriculum.

Due to this, we hope you will understand that

some content will be covered.

If you have any questions, please don’t hesitate to contact me.

Jörg Buesink

[email protected]

Owner iNET ZERO

About the authors

About meMaxim lives in Russia and speaks Russian and English. He started his network-

ing career in 1999. Throughout the years Maxim has designed and imple-

mented several large scale networks for enterprise and service provider

customers. Over the years he has developed several high quality courseware

materials for industry leading networking vendors. Maxim has the following

certifications: JNCIE, JNCIP-ENT, JNCIS-SEC, Nortel NNCSS. For technology

Max values efficiency and pragmatic design. When Max is not at work he likes

to spend time with his family. Max enjoys being outside in the nature and

loves to travel and exploring the world.

About meJörg lives in the Netherlands near Amsterdam and brings more than 10 years

of experience in the IT and networking industry. He has worked for several

large ISPs / service providers in the role of technical consultant,designer and

network architect.He has extensiveexperience in network implementation,

design and architecture and teached several networking classes.

CertificationsQuadruple JNCIE certified

(JNCIE-DC#007,JNCIE-ENT#21,JNCIE-SP#284 and JNCIE-SEC#30)

Triple CCIE #15032

(Routing/Switching, Service provider and Security),

Cisco CCDE#20110002 certified,

Huawei HCIE#2188 Routing and Switching.

General information

Rack rental service

Did you know that this workbook can be used in combination with our premium JNCIE rack rental service?

Take a look on our website for more information www.inetzero.com

Warning:

Please do NOT change the root account password for any of our devices to prevent unnecessary password

recovery. Thank you for your cooperation

Target audienceThis workbook is developed for experienced network engineers who are preparing for the Juniper

Networks JNCIE-SP lab exam. Although not required it is highly recommended that you have passed the

JNCIS-SP and JNCIP-SP written exams before you start using this workbook. iNET ZERO’s JNCIE-SP prepa-

ration workbook is developed in such a way that we expect you to have theoretical knowledge about the

JNCIE-SP lab exam blueprint topics (JNCIP-SP certified or working towards this certification). For exam-

ple, in this workbook we will not explain what rib-groups, LSP’s or Multicast VPNs are. What we will do

is test if you are able to configure all these technologies based on certain requirements and understand

how they interact in a typical SP environment.

How to use this workbookWe recommend that you start your JNCIE lab preparation with the workbook chapters only. Always take a

note on the time spent for each chapter/ task to see if you improved once you go over the chapters again.

Ensure that at least you go the workbook chapters twice before you start with the super lab. You are

ready to try the Super Lab if you are able to configure the chapter’s tasks without the need of the chap-

ter’s answers. The Super Lab must be completed within 8 hours.

Topology diagramsIn the chapters you will find several topology diagrams in small format. In the appendix of this workbook

you will find bigger versions of the topology diagrams for better readability. We recommend to print the

topology diagrams.

iNET ZERO supportAlways feel free to ask us questions regarding the workbook or JNCIE rack rental. You can reach us at

[email protected]. We love to hear from you regarding your preparation progress. Your feedback regard-

ing our products is also very appreciated!

Table of Content

General information

Rack rental service.......................................................................................................................

Target audience...........................................................................................................................

How to use this workbook...........................................................................................................

iNET ZERO support.......................................................................................................................

Chapter One: General System Features

Task 1. Initial System Settings......................................................................................................

Task 2. SNMP Configuration.........................................................................................................

Task 3. Firewall Filters..................................................................................................................

Task 4. Interface Configuration....................................................................................................

Task 5. Scripting...........................................................................................................................

Chapter Two: IGP Configuration and Troubleshooting

Task 1. OSPF Troubleshooting......................................................................................................

Task 2. ISIS Troubleshooting.........................................................................................................

Task 3. IGP Rollout........................................................................................................................

Chapter Three: BGP and Routing Policy

Task 1. IBGP and Confederation....................................................................................................

Task 2. EBGP Configuration...........................................................................................................

Task 3. Routing Policies ................................................................................................................

Task 4. IBGP and Route Reflection................................................................................................

Chapter Four: MPLS Configuration

Task 1. LDP Configuration.............................................................................................................

Task 2. RSVP Configuration...........................................................................................................

Task 3. RSVP Protection ................................................................................................................

Task 4. IPv6 Tunneling with 6PE ...................................................................................................

Chapter Five: L3VPN Configuration

Task 1. L3VPN Configuration.........................................................................................................

Task 2. Multicast in L3VPN............................................................................................................

Task 3. IPv6 Tunneling with 6VPE..................................................................................................

Chapter Six: L2VPN and VPLS Configuration

Task 1. L2VPN Configuration.........................................................................................................

Task 2. VPLS Configuration............................................................................................................

Chapter Seven: Inter-provider VPN Configuration

Task 1. Inter-provider VPN Option B.............................................................................................

Task 2. Inter-provider VPN Option C.............................................................................................

Chapter Eight: Class of Service

Task 1. Forwarding Classes, Queues and Schedulers....................................................................

Task 2. Classification, Policing and Marking..................................................................................

Chapter Nine: A Full Day Lab Challenge

Task 1: Initial System Configuration..............................................................................................

Task 2: Building the Network........................................................................................................

Task 3: IGP Configuration..............................................................................................................

Task 4: BGP Configuration.............................................................................................................

Task 5: MPLS Configuration...........................................................................................................

Task 6: VPN Configuration.............................................................................................................

Task 7: Class of Service Configuration...........................................................................................

Appendix 1: Additional Theory

OSPF adjacency troubleshooting...................................................................................................

BGP adjacency troubleshooting ....................................................................................................

BGP IPV6 NLRI over IPV4 peering..................................................................................................

Troubleshooting: Multicast traffic engineering using RIB-group.................................................

Advanced firewall filtering.............................................................................................................

Appendix 2 : Topology diagrams

Appendix - Chapter One: General System Features

Solution - Task 1: Initial System Configuration..............................................................................

Solution - Task 2. SNMP Configuration..........................................................................................

Solution - Task 3. Firewall Filters...................................................................................................

Solution - Task 4. Interface Configuration.....................................................................................

Solution - Task 5. Scripting.............................................................................................................

Appendix - Chapter Two: IGP Configuration and Troubleshooting

Solution - Task 1. OSPF Troubleshooting.......................................................................................

Solution - Task 2: ISIS Troubleshooting..........................................................................................

Solution - Task 3. IGP Rollout.........................................................................................................

Appendix - Chapter Three: BGP and Routing Policy

Solution - Task 1. IBGP and Confederation....................................................................................

Solution - Task 2. EBGP Configuration...........................................................................................

Solution - Task 3. Routing Policies.................................................................................................

Solution - Task 4. IBGP and Route Reflection................................................................................

Verification....................................................................................................................................

Appendix - Chapter Four: MPLS Configuration

Solution - Task 1. LDP Configuration.............................................................................................

Solution - Task 2. RSVP Configuration...........................................................................................

Solution - Task 3. RSVP Protection................................................................................................

Solution - Task 4. IPv6 Tunneling with 6PE....................................................................................

Verification....................................................................................................................................

Appendix - Chapter Five: L3VPN Configuration

Solution - Task 1. L3VPN Configuration.........................................................................................

Solution - Task 2. Multicast in L3VPN............................................................................................

Solution - Task 3. IPv6 Tunneling with 6VPE...................................................................................

Verification......................................................................................................................................

Appendix - Chapter Six: L2VPN and VPLS Configuration

Solution - Task 1. L2VPN Configuration..........................................................................................

Solution - Task 2. VPLS Configuration.............................................................................................

Verification.....................................................................................................................................

Appendix - Chapter Seven: Inter-provider VPN Configuration

Solution - Task 1. Inter-provider VPN Option B...............................................................................

Solution - Task 2. Inter-provider VPN Option C...............................................................................

Verification......................................................................................................................................

Appendix - Chapter Eight: Class of Service

Solution - Task 1. Forwarding Classes, Queues and Schedulers......................................................

Solution - Task 2. Classification, Policing and Marking....................................................................

Verification......................................................................................................................................

Appendix - Chapter Nine: A Full Day Lab Challenge

Solution - Task 1: Initial System Configuration................................................................................

Solution - Task 2: Building the Network..........................................................................................

Solution - Task 3: IGP Configuration................................................................................................

Solution - Task 4: BGP Configuration...............................................................................................

Solution - Task 5: MPLS Configuration.............................................................................................

Solution - Task 6: VPN Configuration...............................................................................................

Solution - Task 7: Class of Service Configuration .............................................................................

Solution - Route Reflector Configuration.........................................................................................

TOTAL 390+ PAGES!

Chapter One: General System Features

TIP: Throughout the workbook before you begin a chapter, we recommend

you to read the entire chapter before starting with the first task.

This chapter will focus on initial system configuration and general system features. You will configure

various features, such as host names, management network access, management user authentication and

authorization, NTP, SNMP, Syslog, RE protection firewall filters, network interfaces, and VRRP. You will be

operating 8 devices R1 through R8 referred to as your routers in this workbook.

Figure 1

Figure 2

Task 4. Interface Configuration

In this task you are configuring the network interfaces, aggregated Ethernet interfaces and VRRP.

1) Build the network as shown in Figure 3. The interface parameters can be found in Table 1.

Configure interfaces i1 and i4 on R1 and R2, and R5 and R6 to form an aggregated Ethernet

bundle. Enable LACP continuity checking on the AE interface. Configure the logical interface

descriptions.

Figure 3

NOTE: The interface unit numbers match the VLAN tags.

Enter this temporary vouchercode within 1 week to get

10% off your purchase! ( workbooks only ) Go to:

https://inetzero.com/product-category/juniper/service-provider/

jncie-sp-workbooks/ H2993DJ

Automatically expires within one week of downloading this demo workbook

Table 1

Router Interface Interface Name IP Address IPv6 Address

R1 i1 ge-0/0/1 802.3ad

i2 ge-0/0/4.114 172.30.0.5/30

i3 ge-0/0/4.118 172.30.0.9/30 link-local

i4 ge-0/0/2 802.3ad

ae0.0 172.30.0.1/30 link-local

lo0.0 172.30.5.1/32 fd17:f0f4:f691:5::1/128

R2 i1 ge-0/0/1 802.3ad

i2 ge-0/0/4.127 172.30.0.17/30

i3 ge-0/0/4.123 172.30.0.13/30 link-local

i4 ge-0/0/2 802.3ad

ae0.0 172.30.0.2/30 link-local

lo0.0 172.30.5.2/32 fd17:f0f4:f691:5::2/128

R3 i1 ge-0/0/4.134 172.30.0.21/30 link-local

i2 ge-0/0/4.136 172.30.0.25/30

i3 ge-0/0/4.123 172.30.0.14/30 link-local

i4 ge-0/0/4.200 172.30.1.1/24

i5 ge-0/0/4.201 172.30.2.1/24

lo0.0 172.30.5.3/32 fd17:f0f4:f691:5::3/128

R4 i1 ge-0/0/4.134 172.30.0.22/30 link-local

i2 ge-0/0/4.114 172.30.0.6/30

i3 ge-0/0/4.145 172.30.0.29/30 link-local

i4 ge-0/0/4.200 172.30.1.2/24

i5 ge-0/0/4.201 172.30.2.2/24

lo0.0 172.30.5.4/32 fd17:f0f4:f691:5::4/128

R5 i1 ge-0/0/1 802.3ad

i2 ge-0/0/4.158 172.30.0.37/30

i3 ge-0/0/4.145 172.30.0.30/30 link-local

i4 ge-0/0/2 802.3ad

ae0.0 172.30.0.33/30 link-local

lo0.0 172.30.5.5/32 fd17:f0f4:f691:5::5/128

Content only available in the original workbook


R6 i1 ge-0/0/1 802.3ad

i2 ge-0/0/4.136 172.30.0.26/30

i3 ge-0/0/4.167 172.30.0.41/30 link-local

i4 ge-0/0/2 802.3ad

ae0.0 172.30.0.34/30 link-local

lo0.0 172.30.5.6/32 fd17:f0f4:f691:5::6/128

R7 i1 ge-0/0/4.178 172.30.0.45/30 link-local

i2 ge-0/0/4.127 172.30.0.18/30

i3 ge-0/0/4.167 172.30.0.42/30 link-local

lo0.0 172.30.5.7/32 fd17:f0f4:f691:5::7/128

R8 i1 ge-0/0/4.178 172.30.0.46/30 link-local

i2 ge-0/0/4.158 172.30.0.38/30

i3 ge-0/0/4.118 172.30.0.10/30 link-local

lo0.0 172.30.5.8/32 fd17:f0f4:f691:5::8/128

2) On R3 and R4 configure VRRP such as R3 is the VRRP master on i4 interface and

R4 is the VRRP master on i5 interface. Use .254 Virtual Router IP address on the i4 and i5 subnets.

3) Make sure that R3 and R4 track their uplink interfaces i2 and i3 so that if both the

interfaces go down the device resigns from its VRRP mastership.

4) Make sure that VRRP messages are authenticated with MD5. Use workbook

as the authentication key.



https://inetzero.com/product-category/juniper/ser-

vice-provider/jncie-sp-workbooks/

H2993DJ


Chapter Three: BGP and Routing Policy

In this chapter you will create the BGP network including IBGP with Route Reflection and Confederation,

and multiple EBGP sessions with peers and customers emulating a typical ISP setup. You will also config-

ure multiple routing policies to achieve high accuracy control over BGP routing exchange and path selec-

tion.


Task 2. EBGP Configuration

In this task you configure IPv4 and IPv6 EBGP peering.

Figure 4

1) Configure the additional interfaces on your routers as indicated in Table 2.

Configure the interface description.

Table 2


R1 i5 ge-0/0/5.300 192.168.1.1/24

R2 i5 ge-0/0/5.300 192.168.1.2/24

R3 i6 ge-0/0/5.301 192.168.0.1/30 link-local

i7 ge-0/0/5.302 192.168.0.5/30

R5 i7 ge-0/0/5.303 192.168.0.9/30 IPv4 compatible/126

i8 ge-0/0/5.304 192.168.0.13/30 IPv4 compatible/126

R6 i5 ge-0/0/5.305 192.168.0.17/30

i6 ge-0/0/5.306 192.168.0.21/30

i7 ge-0/0/5.307 192.168.0.25/30

R7 i4 ge-0/0/5.308 192.168.0.29/30 fc09:c0:ffee::1/126

i5 ge-0/0/5.309 192.168.0.33/30

R8 i4 ge-0/0/5.310 192.168.0.37/30 fc09:c0:ffee::5/126

2) Configure IPv4 EBGP sessions as shown in Figure 4.

3) Ensure that all the EBGP session state changes are logged to syslog.

4) Make sure that both R1 and R2 peer with both IX-1 and IX-2 routers.

The IX-1 peering address is 192.168.1.3 and IX-2 is 192.168.1.4.

5) Use loopback interface peering for R6 to C2-1 session. Make sure that a single interface failure

of the R6 i6 or i7 interfaces will not break the EBGP session down. Use RIP protocol to get

the C2-1 loopback address.



https://inetzero.com/product-category/juniper/ser-

vice-provider/jncie-sp-workbooks/ H2993DJ


Chapter Four: MPLS Configuration

In this chapter you will create core MPLS network. The chapter tasks include configuration of LDP-sig-

naled LSPs, RSVP-signaled LSPs, traffic engineering, traffic protection and optimization, and LDP

tunneling.

Figure 5

Task 3. RSVP ProtectionIn this task you implement different LSP protection mechanisms.

1) Configure a backup protection path for all RSVP-signaled LSPs but K, L, O, P.

2) Make sure that for the LSPs C, D, G, H the protection path is established in advance, before

the primary path fails.

Chapter Five: L3VPN Configuration

In this chapter tasks you implement L3VPN’s. The tasks include L3VPN configuration with customers run-

ning either OSPF or BGP, dual-homed customer sites, customer Internet access, multicasting in VPNs and

IPv6 tunneling with 6VPE.

Task 1. L3VPN Configuration

1) Configure L3VPNs as shown in Figure 6. Table 3 specifies the L3VPN details.

Figure 6


Table 3

Customer Site Router PE-CE Protocol Protocol details

C1 S1 CE1-1 OSPF Area 0

S2 CE1-2 OSPF Area 0

CE1-3 OSPF Area 0

S3 CE1-4 OSPF Area 0

C2 S1 CE2-1 BGP AS 64600

CE2-2 BGP AS 64600

S2 CE2-3 BGP AS 64600

CE2-4 BGP AS 64600

S3 CE2-5 BGP AS 64600

Task 2. Multicast in L3VPN

In this task you implement Draft-Rosen and Next Generation multicast in the L3VPNs.

NOTE: Both customers C1 and C2 use 239.0.0.0/24 multicast range.

1) Enable PIM sparse mode ASM in your AS. Make sure that R1 and R2 act as anycast RP’s.

You may not use MSDP in your network.

2) Use bootstrap RP mapping in your network. Make sure that R1 is the active

BSR and R2 will take over the BSR role if R1 fails.

Appendix: Additional Theory

Troubleshooting: Multicast traffic engineering using RIB-groups

In the following scenario we will troubleshoot a multicast RPF issue with given restrictions.

A multicast receiver attached to SRX4 would like to join source specific multicast (SSM) group

232.1.1.1 send by multicast source 192.168.1.1. Assume the following requirement(s):

• Unicast traffic from SRX1 to SRX4 should always transit SRX3. • Unicast traffic from SRX4 to SRX1 should always transit SRX2.

To meet the unicast flow requirement the IGP metrics for prefixes in the inet.0 table are tuned on SRX1

and SRX4 (metric 1). For some reason the multicast traffic is not received by the receiver attached to

SRX4.

Verify PIM signalling in the network on SRX4 and SRX1:

root@srx4# run show pim join inet 232.1.1.1

Instance: PIM.master Family: INET

R = Rendezvous Point Tree, S = Sparse, W = Wildcard

Group: 232.1.1.1

Source: 192.168.1.1

Flags: sparse

Upstream interface: unknown (no nexthop)

root@srx1# run show pim source inet 192.168.1.1

Instance: PIM.master Family: iNET

Source 192.168.1.1

Prefix 192.168.1.0/24

Upstream interface ge-0/0/1.0

Upstream neighbor 192.168.1.2

We can determine that SRX4 has a reverse path forwarding (RPF) failure for multicast group 232.1.1.1

Appendix - Chapter Five: L3VPN Configuration

Solution - Task 1. L3VPN Configuration



https://inetzero.com/product-category/juniper/service-provid-

er/jncie-sp-workbooks/H2993DJ


1) Configure the additional interfaces on all routers.

[edit interfaces]

lab@Sun# show

ge-0/0/5 {

unit 311 {

description “CE2-1 connection 1”;

vlan-id 311;

family inet {

address 192.168.0.41/30;

}

}

unit 312 {


vlan-id 312;

family inet {

address 192.168.0.45/30;

}

}

unit 313 {


vlan-id 313;

family inet {

address 192.168.0.49/30;

}

}

}

lo0 {

unit 1 {

family inet {

address 172.30.5.9/32;

}

}

}2) Configure BGP VPN family on all routers.

[edit protocols bgp]

lab@Sun# show

group ibgp {

family inet-vpn {

unicast;

}

}

3) Configure BGP VPN family on route reflector.

[edit protocols bgp]

lab@route-reflector# show

group cluster-1 {

family inet-vpn {

unicast;

}

}

group cluster-2 {

family inet-vpn {

unicast;

}

}

4) Configure autonomous system loops on the route reflector.

[edit routing-options]

lab@route-reflector# show

autonomous-system 54591 loops 3;

DEMO END TOTAL 390+ PAGES!

This workbook was developed by iNET ZERO.

All rights reserved. No part of this publication may be reproduced or distributed in any form or

by any means without the prior written permission of iNET ZERO a registered company in the

Netherlands. This product cannot be used by or transferred to any other person.

You are not allowed to rent, lease, loan or sell iNET ZERO training products including this

workbook and its configurations. You are not allowed to modify, copy, upload, email or

distribute this workbook in any way. This product may only be used and printed for your

own personal use and may not be used in any commercial way. Juniper (c), Juniper Networks

inc, JNCIE, JNCIP, JNCIS, JNCIA, Juniper Networks Certified Internet Expert, are registered

trademarks of Juniper Networks, Inc.

This original workbook helped over more than 340+ people achieve the expert certification

Unfortunately you have reached the end of this demo workbook.



https://inetzero.com/product-category/juniper/service-pro-

vider/jncie-sp-workbooks/

H2993DJAutomatically expires within one week of downloading this demo workbook

Date post:	31-Mar-2018
Category:	Documents
Upload:	trandan
View:	588 times
Download:	43 times

JNCIE-SP v1.1 workbook (2017) - iNETZERO : … JNCIE, JNCIP-ENT, JNCIS-SEC, Nortel NNCSS. For...

Documents