JNCIE-SP v1.1 workbook (2017) Demo workbook
Why this demo workbook?
This workbook is intended to give you an idea of what the
purched workbook looks like, and the way the original workbook
teaches you the curriculum.
Due to this, we hope you will understand that
some content will be covered.
If you have any questions, please don’t hesitate to contact me.
Jörg Buesink
Owner iNET ZERO
About the authors
About meMaxim lives in Russia and speaks Russian and English. He started his network-
ing career in 1999. Throughout the years Maxim has designed and imple-
mented several large scale networks for enterprise and service provider
customers. Over the years he has developed several high quality courseware
materials for industry leading networking vendors. Maxim has the following
certifications: JNCIE, JNCIP-ENT, JNCIS-SEC, Nortel NNCSS. For technology
Max values efficiency and pragmatic design. When Max is not at work he likes
to spend time with his family. Max enjoys being outside in the nature and
loves to travel and exploring the world.
About meJörg lives in the Netherlands near Amsterdam and brings more than 10 years
of experience in the IT and networking industry. He has worked for several
large ISPs / service providers in the role of technical consultant,designer and
network architect.He has extensiveexperience in network implementation,
design and architecture and teached several networking classes.
CertificationsQuadruple JNCIE certified
(JNCIE-DC#007,JNCIE-ENT#21,JNCIE-SP#284 and JNCIE-SEC#30)
Triple CCIE #15032
(Routing/Switching, Service provider and Security),
Cisco CCDE#20110002 certified,
Huawei HCIE#2188 Routing and Switching.
General information
Rack rental service
Did you know that this workbook can be used in combination with our premium JNCIE rack rental service?
Take a look on our website for more information www.inetzero.com
Warning:
Please do NOT change the root account password for any of our devices to prevent unnecessary password
recovery. Thank you for your cooperation
Target audienceThis workbook is developed for experienced network engineers who are preparing for the Juniper
Networks JNCIE-SP lab exam. Although not required it is highly recommended that you have passed the
JNCIS-SP and JNCIP-SP written exams before you start using this workbook. iNET ZERO’s JNCIE-SP prepa-
ration workbook is developed in such a way that we expect you to have theoretical knowledge about the
JNCIE-SP lab exam blueprint topics (JNCIP-SP certified or working towards this certification). For exam-
ple, in this workbook we will not explain what rib-groups, LSP’s or Multicast VPNs are. What we will do
is test if you are able to configure all these technologies based on certain requirements and understand
how they interact in a typical SP environment.
How to use this workbookWe recommend that you start your JNCIE lab preparation with the workbook chapters only. Always take a
note on the time spent for each chapter/ task to see if you improved once you go over the chapters again.
Ensure that at least you go the workbook chapters twice before you start with the super lab. You are
ready to try the Super Lab if you are able to configure the chapter’s tasks without the need of the chap-
ter’s answers. The Super Lab must be completed within 8 hours.
Topology diagramsIn the chapters you will find several topology diagrams in small format. In the appendix of this workbook
you will find bigger versions of the topology diagrams for better readability. We recommend to print the
topology diagrams.
iNET ZERO supportAlways feel free to ask us questions regarding the workbook or JNCIE rack rental. You can reach us at
[email protected]. We love to hear from you regarding your preparation progress. Your feedback regard-
ing our products is also very appreciated!
Table of Content
General information
Rack rental service.......................................................................................................................
Target audience...........................................................................................................................
How to use this workbook...........................................................................................................
iNET ZERO support.......................................................................................................................
Chapter One: General System Features
Task 1. Initial System Settings......................................................................................................
Task 2. SNMP Configuration.........................................................................................................
Task 3. Firewall Filters..................................................................................................................
Task 4. Interface Configuration....................................................................................................
Task 5. Scripting...........................................................................................................................
Chapter Two: IGP Configuration and Troubleshooting
Task 1. OSPF Troubleshooting......................................................................................................
Task 2. ISIS Troubleshooting.........................................................................................................
Task 3. IGP Rollout........................................................................................................................
Chapter Three: BGP and Routing Policy
Task 1. IBGP and Confederation....................................................................................................
Task 2. EBGP Configuration...........................................................................................................
Task 3. Routing Policies ................................................................................................................
Task 4. IBGP and Route Reflection................................................................................................
Chapter Four: MPLS Configuration
Task 1. LDP Configuration.............................................................................................................
Task 2. RSVP Configuration...........................................................................................................
Task 3. RSVP Protection ................................................................................................................
Task 4. IPv6 Tunneling with 6PE ...................................................................................................
Chapter Five: L3VPN Configuration
Task 1. L3VPN Configuration.........................................................................................................
Task 2. Multicast in L3VPN............................................................................................................
Task 3. IPv6 Tunneling with 6VPE..................................................................................................
Chapter Six: L2VPN and VPLS Configuration
Task 1. L2VPN Configuration.........................................................................................................
Task 2. VPLS Configuration............................................................................................................
Chapter Seven: Inter-provider VPN Configuration
Task 1. Inter-provider VPN Option B.............................................................................................
Task 2. Inter-provider VPN Option C.............................................................................................
Chapter Eight: Class of Service
Task 1. Forwarding Classes, Queues and Schedulers....................................................................
Task 2. Classification, Policing and Marking..................................................................................
Chapter Nine: A Full Day Lab Challenge
Task 1: Initial System Configuration..............................................................................................
Task 2: Building the Network........................................................................................................
Task 3: IGP Configuration..............................................................................................................
Task 4: BGP Configuration.............................................................................................................
Task 5: MPLS Configuration...........................................................................................................
Task 6: VPN Configuration.............................................................................................................
Task 7: Class of Service Configuration...........................................................................................
Appendix 1: Additional Theory
OSPF adjacency troubleshooting...................................................................................................
BGP adjacency troubleshooting ....................................................................................................
BGP IPV6 NLRI over IPV4 peering..................................................................................................
Troubleshooting: Multicast traffic engineering using RIB-group.................................................
Advanced firewall filtering.............................................................................................................
Appendix 2 : Topology diagrams
Appendix - Chapter One: General System Features
Solution - Task 1: Initial System Configuration..............................................................................
Solution - Task 2. SNMP Configuration..........................................................................................
Solution - Task 3. Firewall Filters...................................................................................................
Solution - Task 4. Interface Configuration.....................................................................................
Solution - Task 5. Scripting.............................................................................................................
Appendix - Chapter Two: IGP Configuration and Troubleshooting
Solution - Task 1. OSPF Troubleshooting.......................................................................................
Solution - Task 2: ISIS Troubleshooting..........................................................................................
Solution - Task 3. IGP Rollout.........................................................................................................
Appendix - Chapter Three: BGP and Routing Policy
Solution - Task 1. IBGP and Confederation....................................................................................
Solution - Task 2. EBGP Configuration...........................................................................................
Solution - Task 3. Routing Policies.................................................................................................
Solution - Task 4. IBGP and Route Reflection................................................................................
Verification....................................................................................................................................
Appendix - Chapter Four: MPLS Configuration
Solution - Task 1. LDP Configuration.............................................................................................
Solution - Task 2. RSVP Configuration...........................................................................................
Solution - Task 3. RSVP Protection................................................................................................
Solution - Task 4. IPv6 Tunneling with 6PE....................................................................................
Verification....................................................................................................................................
Appendix - Chapter Five: L3VPN Configuration
Solution - Task 1. L3VPN Configuration.........................................................................................
Solution - Task 2. Multicast in L3VPN............................................................................................
Solution - Task 3. IPv6 Tunneling with 6VPE...................................................................................
Verification......................................................................................................................................
Appendix - Chapter Six: L2VPN and VPLS Configuration
Solution - Task 1. L2VPN Configuration..........................................................................................
Solution - Task 2. VPLS Configuration.............................................................................................
Verification.....................................................................................................................................
Appendix - Chapter Seven: Inter-provider VPN Configuration
Solution - Task 1. Inter-provider VPN Option B...............................................................................
Solution - Task 2. Inter-provider VPN Option C...............................................................................
Verification......................................................................................................................................
Appendix - Chapter Eight: Class of Service
Solution - Task 1. Forwarding Classes, Queues and Schedulers......................................................
Solution - Task 2. Classification, Policing and Marking....................................................................
Verification......................................................................................................................................
Appendix - Chapter Nine: A Full Day Lab Challenge
Solution - Task 1: Initial System Configuration................................................................................
Solution - Task 2: Building the Network..........................................................................................
Solution - Task 3: IGP Configuration................................................................................................
Solution - Task 4: BGP Configuration...............................................................................................
Solution - Task 5: MPLS Configuration.............................................................................................
Solution - Task 6: VPN Configuration...............................................................................................
Solution - Task 7: Class of Service Configuration .............................................................................
Solution - Route Reflector Configuration.........................................................................................
TOTAL 390+ PAGES!
Chapter One: General System Features
TIP: Throughout the workbook before you begin a chapter, we recommend
you to read the entire chapter before starting with the first task.
This chapter will focus on initial system configuration and general system features. You will configure
various features, such as host names, management network access, management user authentication and
authorization, NTP, SNMP, Syslog, RE protection firewall filters, network interfaces, and VRRP. You will be
operating 8 devices R1 through R8 referred to as your routers in this workbook.
Figure 1
Figure 2
Task 4. Interface Configuration
In this task you are configuring the network interfaces, aggregated Ethernet interfaces and VRRP.
1) Build the network as shown in Figure 3. The interface parameters can be found in Table 1.
Configure interfaces i1 and i4 on R1 and R2, and R5 and R6 to form an aggregated Ethernet
bundle. Enable LACP continuity checking on the AE interface. Configure the logical interface
descriptions.
Figure 3
NOTE: The interface unit numbers match the VLAN tags.
Enter this temporary vouchercode within 1 week to get
10% off your purchase! ( workbooks only ) Go to:
https://inetzero.com/product-category/juniper/service-provider/
jncie-sp-workbooks/ H2993DJ
Automatically expires within one week of downloading this demo workbook
Table 1
Router Interface Interface Name IP Address IPv6 Address
R1 i1 ge-0/0/1 802.3ad
i2 ge-0/0/4.114 172.30.0.5/30
i3 ge-0/0/4.118 172.30.0.9/30 link-local
i4 ge-0/0/2 802.3ad
ae0.0 172.30.0.1/30 link-local
lo0.0 172.30.5.1/32 fd17:f0f4:f691:5::1/128
R2 i1 ge-0/0/1 802.3ad
i2 ge-0/0/4.127 172.30.0.17/30
i3 ge-0/0/4.123 172.30.0.13/30 link-local
i4 ge-0/0/2 802.3ad
ae0.0 172.30.0.2/30 link-local
lo0.0 172.30.5.2/32 fd17:f0f4:f691:5::2/128
R3 i1 ge-0/0/4.134 172.30.0.21/30 link-local
i2 ge-0/0/4.136 172.30.0.25/30
i3 ge-0/0/4.123 172.30.0.14/30 link-local
i4 ge-0/0/4.200 172.30.1.1/24
i5 ge-0/0/4.201 172.30.2.1/24
lo0.0 172.30.5.3/32 fd17:f0f4:f691:5::3/128
R4 i1 ge-0/0/4.134 172.30.0.22/30 link-local
i2 ge-0/0/4.114 172.30.0.6/30
i3 ge-0/0/4.145 172.30.0.29/30 link-local
i4 ge-0/0/4.200 172.30.1.2/24
i5 ge-0/0/4.201 172.30.2.2/24
lo0.0 172.30.5.4/32 fd17:f0f4:f691:5::4/128
R5 i1 ge-0/0/1 802.3ad
i2 ge-0/0/4.158 172.30.0.37/30
i3 ge-0/0/4.145 172.30.0.30/30 link-local
i4 ge-0/0/2 802.3ad
ae0.0 172.30.0.33/30 link-local
lo0.0 172.30.5.5/32 fd17:f0f4:f691:5::5/128
Content only available in the original workbook
Router Interface Interface Name IP Address IPv6 Address
R6 i1 ge-0/0/1 802.3ad
i2 ge-0/0/4.136 172.30.0.26/30
i3 ge-0/0/4.167 172.30.0.41/30 link-local
i4 ge-0/0/2 802.3ad
ae0.0 172.30.0.34/30 link-local
lo0.0 172.30.5.6/32 fd17:f0f4:f691:5::6/128
R7 i1 ge-0/0/4.178 172.30.0.45/30 link-local
i2 ge-0/0/4.127 172.30.0.18/30
i3 ge-0/0/4.167 172.30.0.42/30 link-local
lo0.0 172.30.5.7/32 fd17:f0f4:f691:5::7/128
R8 i1 ge-0/0/4.178 172.30.0.46/30 link-local
i2 ge-0/0/4.158 172.30.0.38/30
i3 ge-0/0/4.118 172.30.0.10/30 link-local
lo0.0 172.30.5.8/32 fd17:f0f4:f691:5::8/128
2) On R3 and R4 configure VRRP such as R3 is the VRRP master on i4 interface and
R4 is the VRRP master on i5 interface. Use .254 Virtual Router IP address on the i4 and i5 subnets.
3) Make sure that R3 and R4 track their uplink interfaces i2 and i3 so that if both the
interfaces go down the device resigns from its VRRP mastership.
4) Make sure that VRRP messages are authenticated with MD5. Use workbook
as the authentication key.
Enter this temporary vouchercode within 1 week to get
10% off your purchase! ( workbooks only ) Go to:
https://inetzero.com/product-category/juniper/ser-
vice-provider/jncie-sp-workbooks/
H2993DJ
Automatically expires within one week of downloading this demo workbook
Chapter Three: BGP and Routing Policy
In this chapter you will create the BGP network including IBGP with Route Reflection and Confederation,
and multiple EBGP sessions with peers and customers emulating a typical ISP setup. You will also config-
ure multiple routing policies to achieve high accuracy control over BGP routing exchange and path selec-
tion.
Content only available in the original workbook
Task 2. EBGP Configuration
In this task you configure IPv4 and IPv6 EBGP peering.
Figure 4
1) Configure the additional interfaces on your routers as indicated in Table 2.
Configure the interface description.
Table 2
Router Interface Interface Name IP Address IPv6 Address
R1 i5 ge-0/0/5.300 192.168.1.1/24
R2 i5 ge-0/0/5.300 192.168.1.2/24
R3 i6 ge-0/0/5.301 192.168.0.1/30 link-local
i7 ge-0/0/5.302 192.168.0.5/30
R5 i7 ge-0/0/5.303 192.168.0.9/30 IPv4 compatible/126
i8 ge-0/0/5.304 192.168.0.13/30 IPv4 compatible/126
R6 i5 ge-0/0/5.305 192.168.0.17/30
i6 ge-0/0/5.306 192.168.0.21/30
i7 ge-0/0/5.307 192.168.0.25/30
R7 i4 ge-0/0/5.308 192.168.0.29/30 fc09:c0:ffee::1/126
i5 ge-0/0/5.309 192.168.0.33/30
R8 i4 ge-0/0/5.310 192.168.0.37/30 fc09:c0:ffee::5/126
2) Configure IPv4 EBGP sessions as shown in Figure 4.
3) Ensure that all the EBGP session state changes are logged to syslog.
4) Make sure that both R1 and R2 peer with both IX-1 and IX-2 routers.
The IX-1 peering address is 192.168.1.3 and IX-2 is 192.168.1.4.
5) Use loopback interface peering for R6 to C2-1 session. Make sure that a single interface failure
of the R6 i6 or i7 interfaces will not break the EBGP session down. Use RIP protocol to get
the C2-1 loopback address.
Enter this temporary vouchercode within 1 week to get
10% off your purchase! ( workbooks only ) Go to:
https://inetzero.com/product-category/juniper/ser-
vice-provider/jncie-sp-workbooks/ H2993DJ
Automatically expires within one week of downloading this demo workbook
Chapter Four: MPLS Configuration
In this chapter you will create core MPLS network. The chapter tasks include configuration of LDP-sig-
naled LSPs, RSVP-signaled LSPs, traffic engineering, traffic protection and optimization, and LDP
tunneling.
Figure 5
Task 3. RSVP ProtectionIn this task you implement different LSP protection mechanisms.
1) Configure a backup protection path for all RSVP-signaled LSPs but K, L, O, P.
2) Make sure that for the LSPs C, D, G, H the protection path is established in advance, before
the primary path fails.
Chapter Five: L3VPN Configuration
In this chapter tasks you implement L3VPN’s. The tasks include L3VPN configuration with customers run-
ning either OSPF or BGP, dual-homed customer sites, customer Internet access, multicasting in VPNs and
IPv6 tunneling with 6VPE.
Task 1. L3VPN Configuration
1) Configure L3VPNs as shown in Figure 6. Table 3 specifies the L3VPN details.
Figure 6
Content only available in the original workbook
Table 3
Customer Site Router PE-CE Protocol Protocol details
C1 S1 CE1-1 OSPF Area 0
S2 CE1-2 OSPF Area 0
CE1-3 OSPF Area 0
S3 CE1-4 OSPF Area 0
C2 S1 CE2-1 BGP AS 64600
CE2-2 BGP AS 64600
S2 CE2-3 BGP AS 64600
CE2-4 BGP AS 64600
S3 CE2-5 BGP AS 64600
Task 2. Multicast in L3VPN
In this task you implement Draft-Rosen and Next Generation multicast in the L3VPNs.
NOTE: Both customers C1 and C2 use 239.0.0.0/24 multicast range.
1) Enable PIM sparse mode ASM in your AS. Make sure that R1 and R2 act as anycast RP’s.
You may not use MSDP in your network.
2) Use bootstrap RP mapping in your network. Make sure that R1 is the active
BSR and R2 will take over the BSR role if R1 fails.
Appendix: Additional Theory
Troubleshooting: Multicast traffic engineering using RIB-groups
In the following scenario we will troubleshoot a multicast RPF issue with given restrictions.
A multicast receiver attached to SRX4 would like to join source specific multicast (SSM) group
232.1.1.1 send by multicast source 192.168.1.1. Assume the following requirement(s):
• Unicast traffic from SRX1 to SRX4 should always transit SRX3. • Unicast traffic from SRX4 to SRX1 should always transit SRX2.
To meet the unicast flow requirement the IGP metrics for prefixes in the inet.0 table are tuned on SRX1
and SRX4 (metric 1). For some reason the multicast traffic is not received by the receiver attached to
SRX4.
Verify PIM signalling in the network on SRX4 and SRX1:
root@srx4# run show pim join inet 232.1.1.1
Instance: PIM.master Family: INET
R = Rendezvous Point Tree, S = Sparse, W = Wildcard
Group: 232.1.1.1
Source: 192.168.1.1
Flags: sparse
Upstream interface: unknown (no nexthop)
root@srx1# run show pim source inet 192.168.1.1
Instance: PIM.master Family: iNET
Source 192.168.1.1
Prefix 192.168.1.0/24
Upstream interface ge-0/0/1.0
Upstream neighbor 192.168.1.2
We can determine that SRX4 has a reverse path forwarding (RPF) failure for multicast group 232.1.1.1
Appendix - Chapter Five: L3VPN Configuration
Solution - Task 1. L3VPN Configuration
Enter this temporary vouchercode within 1 week to get
10% off your purchase! ( workbooks only ) Go to:
https://inetzero.com/product-category/juniper/service-provid-
er/jncie-sp-workbooks/H2993DJ
Automatically expires within one week of downloading this demo workbook
1) Configure the additional interfaces on all routers.
[edit interfaces]
lab@Sun# show
ge-0/0/5 {
unit 311 {
description “CE2-1 connection 1”;
vlan-id 311;
family inet {
address 192.168.0.41/30;
}
}
unit 312 {
description “CE2-1 connection 2”;
vlan-id 312;
family inet {
address 192.168.0.45/30;
}
}
unit 313 {
description “CE2-1 connection 3”;
vlan-id 313;
family inet {
address 192.168.0.49/30;
}
}
}
lo0 {
unit 1 {
family inet {
address 172.30.5.9/32;
}
}
}2) Configure BGP VPN family on all routers.
[edit protocols bgp]
lab@Sun# show
group ibgp {
family inet-vpn {
unicast;
}
}
3) Configure BGP VPN family on route reflector.
[edit protocols bgp]
lab@route-reflector# show
group cluster-1 {
family inet-vpn {
unicast;
}
}
group cluster-2 {
family inet-vpn {
unicast;
}
}
4) Configure autonomous system loops on the route reflector.
[edit routing-options]
lab@route-reflector# show
autonomous-system 54591 loops 3;
DEMO END TOTAL 390+ PAGES!
This workbook was developed by iNET ZERO.
All rights reserved. No part of this publication may be reproduced or distributed in any form or
by any means without the prior written permission of iNET ZERO a registered company in the
Netherlands. This product cannot be used by or transferred to any other person.
You are not allowed to rent, lease, loan or sell iNET ZERO training products including this
workbook and its configurations. You are not allowed to modify, copy, upload, email or
distribute this workbook in any way. This product may only be used and printed for your
own personal use and may not be used in any commercial way. Juniper (c), Juniper Networks
inc, JNCIE, JNCIP, JNCIS, JNCIA, Juniper Networks Certified Internet Expert, are registered
trademarks of Juniper Networks, Inc.
This original workbook helped over more than 340+ people achieve the expert certification
Unfortunately you have reached the end of this demo workbook.
Enter this temporary vouchercode within 1 week to get
10% off your purchase! ( workbooks only ) Go to:
https://inetzero.com/product-category/juniper/service-pro-
vider/jncie-sp-workbooks/
H2993DJAutomatically expires within one week of downloading this demo workbook