Professional Documents
Culture Documents
Lab Practice Sol
Lab Practice Sol
Solution:
annotate system “Configure by Yong Di @ March 1 2016"
Task 2:
Bring ae5 between R7 & T1. Run lacp on the link on ae5. BGP session between routers
should switch to down in case of any link member of ae5 outage. T1 has already been
configured.
Solution:
set chassis aggregated-devices ethernet device-count 6
Task 3:
Protect, make RE filter on R6 - allow telnet, SSH, SNMP, all BGP sessions from configured.
Allow all traffic of any protocol from any source & destination, police ping to 8mb. Silently
deny another traffic.
Solution:
set firewall policer 8mbps if-exceeding bandwidth-limit 8m
set firewall policer 8mbps if-exceeding burst-size-limit 1500
set firewall policer 8mbps then discard
set policy-options prefix-list BGP apply-path "protocols bgp group <*> neighbor <*>"
Task 4:
Configure the bgp such that r2 and r5 don’t install the bgp routes in their forwarding table
Solution:
set policy-options policy-statement BGP-Discard term 1 from protocol bgp
set policy-options policy-statement BGP-Discard term 1 then reject
Task 1 - 4 points:
Ensure that all adjacencies are up.
Solution:
(Note: IGP will be already pre-configured)
(Note: Delete no-summary from NSSA ABR)
(Note: Check Family iso & inet6 on interfaces & check if OSPF neighborship is down due to
subnet mask mismatch)
R1-R8
set protocols isis no-ipv4-routing
set protocols isis level 1 disable
R1
set protocols ospf area 0.0.0.0 interface ge-1/2/1.2
set protocols ospf area 0.0.0.0 interface ge-1/2/2.2
set protocols ospf area 0.0.0.0 interface lo0.1
set protocols ospf area 0.0.0.1 nssa default-lsa default-metric 1
set protocols ospf area 0.0.0.1 interface ge-1/2/4.2
set protocols ospf area 0.0.0.1 interface ge-1/2/6.2
R2
set protocols ospf area 0.0.0.0 interface ge-1/2/0.2
set protocols ospf area 0.0.0.0 interface ge-1/2/4.3
set protocols ospf area 0.0.0.0 interface ge-1/2/7.10
set protocols ospf area 0.0.0.0 interface ge-1/2/2.3
set protocols ospf area 0.0.0.0 interface lo0.2
R3
set protocols ospf area 0.0.0.0 interface ge-1/2/3.3
set protocols ospf area 0.0.0.0 interface ge-1/2/6.3
set protocols ospf area 0.0.0.0 interface ge-1/2/0.3
set protocols ospf area 0.0.0.0 interface ge-1/2/4.4
set protocols ospf area 0.0.0.0 interface lo0.3
R4
set protocols ospf area 0.0.0.1 nssa
set protocols ospf area 0.0.0.1 interface ge-1/2/1.4
set protocols ospf area 0.0.0.1 interface ge-1/2/5.2
set protocols ospf area 0.0.0.1 interface ge-1/2/2.5
set protocols ospf area 0.0.0.1 interface lo0.4
R6
set protocols ospf area 0.0.0.0 interface ge-1/2/5.5
set protocols ospf area 0.0.0.0 interface ge-1/2/6.10
set protocols ospf area 0.0.0.0 interface ge-1/2/1.3
set protocols ospf area 0.0.0.0 interface ge-1/2/2.4
set protocols ospf area 0.0.0.0 interface lo0.6
R7
set protocols ospf area 0.0.0.1 nssa
set protocols ospf area 0.0.0.1 interface ge-1/2/7.2
set protocols ospf area 0.0.0.1 interface ge-1/2/3.5
set protocols ospf area 0.0.0.1 interface lo0.7
R8
set protocols ospf area 0.0.0.0 interface ge-1/2/5.4
set protocols ospf area 0.0.0.0 interface ge-1/2/3.4
set protocols ospf area 0.0.0.0 interface lo0.8
R1
set interfaces lo0 unit 1 family iso address 49.0000.0010.0200.0001.0001.00
R2
set interfaces lo0 unit 2 family iso address 49.0000.0010.0200.0001.0002.00
R3
set interfaces lo0 unit 3 family iso address 49.0000.0010.0200.0001.0003.00
R4
set interfaces lo0 unit 4 family iso address 49.0000.0010.0200.0001.0004.00
R5
set interfaces lo0 unit 5 family iso address 49.0000.0010.0200.0001.0005.00
R6
set interfaces lo0 unit 6 family iso address 49.0000.0010.0200.0001.0006.00
R7
set interfaces lo0 unit 7 family iso address 49.0000.0010.0200.0001.0007.00
R8
set interfaces lo0 unit 8 family iso address 49.0000.0010.0200.0001.0008.00
Task 2 - 3 points
Advertise an IPV4 route that encompasses your ipv4 network to the data center. You may
not advertise a default route. If necessary you may telnet to the data centre router.
Task 3 - 4 points
Ensure bidirectional communication between your network and the data center using both
ipv4 and ipv6. The data center uses OSPFv3 (area 0) to route both IPv4 and IPv6.
Solution:
(Note: Troubleshoot if interface is P2P or MA, Which Area, Authentication, MTU?)
(Note: if NSSA no-Summary is not removed from NSSA ABR, routes will not advertised)
R4
set policy-options policy-statement Core-DC term 1 from protocol aggregate
set policy-options policy-statement Core-DC term 1 then tag 47
set policy-options policy-statement Core-DC term 1 then accept
R7
Task 4: 4 Points
Ensure that R7 is the preferred entry and exit point towards the data centre for both ipv4
and ipv6. There should be redundancy to reach the data centre in case R7 fails.
Solution:
R7
set policy-options policy-statement DC-Core term 2 then external type 1
R4
set protocols ospf3 preference 200
set protocols ospf3 external-preference 200
set protocols ospf3 realm ipv4-unicast preference 200
set protocols ospf3 realm ipv4-unicast external-preference 200
3- MPLS - 19 points
Task 1 - 3 points
Ensure that the LSPs are up and meet the path requirements in the mpls exhibit
Solution:
R1-R6
set protocols mpls admin-groups RED 1
set protocols mpls admin-groups BLUE 2
R1
set protocols rsvp interface all
R2
set protocols rsvp interface all
R3
set protocols rsvp interface all
R4
set protocols rsvp interface all
R5
set protocols rsvp interface all
R6
set protocols rsvp interface all
R7
set protocols mpls interface all
R8
set protocols mpls interface all
Task 2:
Using administrative group ensure that r3-to-r1 LSP transits R5, you may not use the link
b/w R1 and R2. You cannot change the preconfigured Administrative group and link coloring
as shown in the MPLS exhibit.
Solution:
set protocols mpls label-switched-path R3-R1 admin-group exclude BLUE
or
Can define link coloring on R4 as R4-R5 as BLUE and R4-R1 as BLUE (vice versa on R5 & R1)
and configure below:
Task 3:
Ensure that the r1-to-r6 LSP has a pre-established alternate path in case of link failure.
Ensure that this path can be shared by other LSPs. You may not manually configure
secondary paths.
Solution:
R1
set protocols mpls path R1-R2-R3 10.200.2.14 strict
set protocols mpls path R1-R2-R3 10.200.2.6 strict
set protocols mpls label-switched-path R1-R3 primary R1-R2-R3
R2
set protocols rsvp interface ge-1/2/7.10 link-protection
Task 2 - 2 points
Ensure that the r3-to-r4 LSP always transits R5 with a reserved bandwidth of 700M. Ensure
that the r6-to-r4 LSP reserves a bandwidth of 700M
Solution:
set protocols mpls path R3-R5-R4 10.200.2.8 strict
set protocols mpls path R3-R5-R4 10.200.2.19 strict
set protocols mpls label-switched-path R3-R4 primary R3-R5-R4
R6
set protocols mpls path R6-R5-R4 10.200.2.11 strict
set protocols mpls path R6-R5-R4 10.200.2.19 strict
set protocols mpls label-switched-path R6-R4 primary R6-R5-R4
R5
set interfaces ge-1/2/0 unit 4 bandwidth 2g
Task 3: 3 points
On the ingress router only, ensure that the primary path for the r1-to-r3 LSP has a pre-
established alternate path to the egress router in case of the link or node failure throughout
the network. You may not manually configure secondary paths. Ensure that the alternate
path uses blue links only and you may change the primary path of the r1-to-r3 LSP. You
cannot change the preconfigured administrative groups and link coloring as shown in the
MPLS exhibit.
Solution:
set protocols mpls label-switched-path R1-R3 fast-reroute include-all BLUE
If marking is not set of R4 before than do it at this step. Please check solution for MPLS Task
2.
Task 4 - 4 points:
Ensure that inet.3 tables on the R7 and R8 contain only the loopback addresses of the
R1,R3,R4 and R6 as well as each other's loopback addresses. These routes must remain in
inet.3 even with a link failure. R7 and R8 cannot learn RSVP and R2 and R5 cannot run LDP.
Solution:
R1
set protocols ldp interface ge-1/2/6.2
set protocols ldp interface lo0.1
R3
set protocols ldp interface ge-1/2/4.4
set protocols ldp interface lo0.3
R4
set protocols ldp interface ge-1/2/2.5
set protocols ldp interface lo0.4
R5
set protocols ldp interface ge-1/2/2.4
set protocols ldp interface lo0.6
R1 & R5
set protocols ospf area 0.0.0.0 virtual-link neighbor-id 10.200.1.4 transit-area 0.0.0.1
R4
set protocols ospf area 0.0.0.0 virtual-link neighbor-id 10.200.1.1 transit-area 0.0.0.1
set protocols ospf area 0.0.0.0 virtual-link neighbor-id 10.200.1.5 transit-area 0.0.0.1
Task 5 - 1 point
Ensure that all OSPF destinations use MPLS for forwarding on R3.
Solution:
set protocols ospf traffic-engineering shortcuts
set protocols mpls traffic-engineering bgp-igp-both-ribs
Task 6 - 6 points
Ensure that all customers are able to reach all ipv4 and ipv6 bgp learned destinations (as
shown in the bgp exhibit). The traffic must be MPLS encapsulated when it transits R2 and
R5.
Ensure IPv6 traffic is tunneled through MPLS.
Solution:
R1-R8
set protocols mpls ipv6-tunneling
To balance inet.3 and inet6.3 routes as per requirements, implement the following:
R2
set protocols mpls label-switched-path R2-R1 install 10.200.1.7/32
set protocols mpls label-switched-path R2-R3 install 10.200.1.8/32
set protocols mpls label-switched-path R2-R4 install 10.200.1.7/32
set protocols mpls label-switched-path R2-R6 install 10.200.1.8/32
R5
set protocols mpls label-switched-path R5-R1 install 10.200.1.7/32
set protocols mpls label-switched-path R5-R3 install 10.200.1.8/32
set protocols mpls label-switched-path R5-R4 install 10.200.1.7/32
set protocols mpls label-switched-path R5-R6 install 10.200.1.8/32
R7 & R8
set routing-options rib-groups 0-to-6 import-rib inet.0
set routing-options rib-groups 0-to-6 import-rib inet6.3
set routing-options rib-groups 0-to-6 import-policy LOOPBACKS
4- BGP - 21 points
Note: see the section's exhibit for information about the aggregates each AS will send and
address you may use to test reachability "per packet" load-balancing is preconfigured on
every router.
Task 1 - 3 points
Configure R2 and R5 to be route reflectors for the R1, R3, R4, R6, R7 and R8. Ensure that all
route reflector clients have all BGP learned prefixes for all necessary address families in their
routing table. Current configuration includes all necessary BGP neighbor statements. You
may modify the neighbor properties. Do not add any additional BGP neighbors.
R5
set protocols bgp group rr cluster 10.200.1.5
set protocols bgp group core cluster 10.200.1.5
R1-R8
set protocols bgp group rr family inet unicast
set protocols bgp group rr family inet6 labeled-unicast
R2 & R5
set protocols bgp group core family inet unicast
set protocols bgp group core family inet6 labeled-unicast
Task 2 - 2 points
For ipv4 unicast routes, ensure that R2 and R5 reflect all BGP routes, rather than just the
active BGP route for each prefix.
Solution:
R2 & R5
set protocols bgp group core advertise-inactive
Task 3 - 1 point:
R6 is receiving BGP announcements for same prefixes from both P3 and P2. Ensure that
both next hops are installed in the forwarding table. You may use prefix 4.0.0.0/8 to test the
configuration.
Solution:
set protocols bgp group P2 peer-as 2000
set protocols bgp group P2 multipath multiple-as
set protocols bgp group P2 neighbor 172.16.6.2
Task 4 - 3 points
Currently C2 is sending both IPV4 and IPv6 routes over a single bgp session to R7. R7 is not
accepting the ipv6 routes. From its loopback address 2222:2222:2222::1, C2 is not able to
reach BGP learned IPv6 destination. Ensure that 2222:2222:2222::1 can ping 3000:1000::1
Solution:
set policy-options policy-statement C2-Imp term 1 from rib inet6.0
set policy-options policy-statement C2-Imp term 1 then next-hop 2001:172:16:6::42
Task 5 - 2 points
For traffic to BGP learned destinations, ensure that traffic from C3 to the P1 or P2 router on
the IXP lan segment transits R6.
Solution:
set policy-options policy-statement LP term 1 then local-preference 150
Task 6 - 2 points
P1 is advertising routes that indicate its preferred entry point into the P1 network .Modify
your routing policy to ensure that traffic destined for P1 uses P1's preferred exit point,
traffic to T1 and P2 should continue to exit your network at the closest exit point
Solution:
In Solution, there will be set-MED export policy implemented which is nullifying the P1
advertised MED. We need to reinforce it by removing either set-MED policy or apply new
MED policy matching advertise MED value to P1 specific neighbour.
R1-R8
set protocols bgp group rr family inet unicast add-path receive
set protocols bgp group rr family inet6 labeled-unicast add-path receive
R2 & R5
set protocols bgp group rr family inet unicast add-path send path-count 6
set protocols bgp group rr family inet6 unicast add-path send path-count 6
set protocols bgp group core family inet labeled-unicast add-path send path-count 6
set protocols bgp group core family inet6 labeled-unicast add-path send path-count 6
Task 7 - 2 points
Modify your routing policy to ensure that routes received from customers with the
community x:100(where x is the AS number) have your AS pre-pended to the AS path
additional three times when advertised to T1. You should not override the AS path for
routes advertised to other BGP peers.
Solution:
R6 & R7 (or any other router where T1 is installed)
Task 8 - 6 points
Modify your routing policy to implement remote triggered black hole (RTBH) feature. Ensure
that traffic destined to routes received from customers with the community x:666 (where x
is the customer AS number) is discarded at the entry point to your autonomous system a
prefix filter is currently included in each customer import policy. Ensure that the RTBH
features is restricted only to more specific prefixes of the existing prefix-list. Other bgp
learned prefixes should not trigger the RTBH feature even if they included the x:666
community
Solution:
Task 9 – 2 points
Include your AS IGP distance to the bgp next hop in all bgp ipv4 advertisements to C1.
Solution:
R7
set policy-options policy-statement C2-Exp term 1 then metric igp
set protocols bgp group C2 export C2-Exp
Task 10 – 2 points
Ensure traffic from C2 to P2 and P3 passes R6.
Solution:
R6
set protocols bgp group C2 peer-as 10000
set protocols bgp group C2 neighbor 172.16.6.4
set protocols bgp group C2 export NHS
5- VPN – 24 points
You don’t have access to VPN CE devices, see the exhibit for the route advertisements from
the VPN CE devices.
For L3VPN add inet-vpn family and L2VPN (VPLS) add l2vpn family on all VPN PE & RR.
set protocols bgp group rr family inet-vpn unicast
set protocols bgp group rr family l2vpn signalling
set protocols bgp group core family inet-vpn unicast RR only
set protocols bgp group core family l2vpn signalling RR only
Task 1: 6 points
Configure L3vpn called GRAY that includes gray sites. Use OSPF as the PE CE protocol. Make
sure that all CE devices in GRAY receive all routes and have full connectivity within GRAY.
Make sure that all routes received from site 2 appear as OSPF type 5 LSA in site 1.
Solution:
R4
set policy-options policy-statement GRAY-Exp term 1 from protocol direct
set policy-options policy-statement GRAY-Exp term 1 from protocol ospf
set policy-options policy-statement GRAY-Exp term 1 then community add GRAY
set policy-options policy-statement GRAY-Exp term 1 then community add GRAY-domain
set policy-options policy-statement GRAY-Exp term 1 then accept
set policy-options policy-statement GRAY-Imp term 1 from protocol bgp
set policy-options policy-statement GRAY-Imp term 1 from community GRAY
set policy-options policy-statement GRAY-Imp term 1 then accept
R8
set policy-options policy-statement GRAY-Exp from protocol direct
set policy-options policy-statement GRAY-Exp from protocol ospf
set policy-options policy-statement GRAY-Exp then community add GRAY
set policy-options policy-statement GRAY-Exp then community add GRAY-domain
set policy-options policy-statement GRAY-Exp then accept
set policy-options policy-statement GRAY-Imp term 1 from protocol bgp
set policy-options policy-statement GRAY-Imp term 1 from community GRAY
set policy-options policy-statement GRAY-Imp term 1 then accept
Task 2: 3 points.
Configure a Layer 3 VPN RED that includes CE1, CE2, CE3, CE4, and CE5. Use BGP as the PE
CE protocol. Ensure that CE devices from RED receive all routes and have full connectivity
within RED.
Task 3: 6 points
The CE device for Site 2, Site3 and NOC must exchange route information and forward traffic
through CE1 at Site 1 to reach each other. USE VLAN 51 and routing-instance named RED
Hub to send traffic to CE1. Use VLAN 52 and a routing-instance named red spoke to receive
traffic from CE1
Solution:
R1
set policy-options policy-statement RED-Exp term 1 from protocol direct
set policy-options policy-statement RED-Exp term 1 from protocol bgp
set policy-options policy-statement RED-Exp term 1 then community add RED-Exp
set policy-options policy-statement RED-Exp term 1 then accept
set policy-options policy-statement RED-Imp term 1 from protocol bgp
set policy-options policy-statement RED-Imp term 1 from community RED-Imp
set policy-options policy-statement RED-Imp term 1 then accept
set policy-options community RED-Exp members target:222:222
set policy-options community RED-Imp members target:111:111
R4
set policy-options policy-statement RED-Exp term 1 from protocol direct
set policy-options policy-statement RED-Exp term 1 from protocol bgp
set policy-options policy-statement RED-Exp term 1 then community add RED-Exp
set policy-options policy-statement RED-Exp term 1 then accept
set policy-options policy-statement RED-Imp term 1 from protocol bgp
set policy-options policy-statement RED-Imp term 1 from community RED-Imp
set policy-options policy-statement RED-Imp term 1 then accept
set policy-options community RED-Exp members target:222:222
set policy-options community RED-Imp members target:111:111
R8
set policy-options policy-statement RED-Hub-Exp term 1 from protocol direct
set policy-options policy-statement RED-Hub-Exp term 1 from protocol bgp
set policy-options policy-statement RED-Hub-Exp term 1 then community add RED-Exp
set policy-options policy-statement RED-Hub-Exp term 1 then accept
set policy-options policy-statement RED-Hub-Imp term 1 then reject
set policy-options policy-statement RED-Spoke-Exp term 1 then reject
set policy-options policy-statement RED-Spoke-Imp term 1 from protocol bgp
set policy-options policy-statement RED-Spoke-Imp term 1 from community RED-Imp
set policy-options policy-statement RED-Spoke-Imp term 1 then accept
set policy-options community RED-Exp members target:111:111
set policy-options community RED-Imp members target:222:222
Task 4: 6 points
Create a VPLS VPN named GREEN that includes CE1 and CE2. Ensure that CE devices in
Green are able to communicate with each other. Ensure the VLAN tags are sent across the
pseudowire. Use a routing instance and LDP as the VPN signaling protocol. USE VLAN 500
with site 1 and VLAN 600 with Site 2. Note that CE1 is configured to only communicate using
VLAN 500 and CE2 is configured to only communicate using vlan 600
Solution:
(Note: If after creating interface commit operation give error, do exclude interface-group
from VPLS PE-CE interface)
R4
set interfaces ge-1/3/3 unit 500 encapsulation vlan-vpls
set interfaces ge-1/3/3 unit 500 vlan-id 500
set interfaces ge-1/3/3 unit 500 family vpls
R8
set interfaces ge-1/3/2 unit 600 encapsulation vlan-vpls
set interfaces ge-1/3/2 unit 600 vlan-id 600
set interfaces ge-1/3/2 unit 600 family vpls
Task 5: 3 points.
Configure R8 to enable communication between GRAY and RED. Ensure that GRAY-CE2 can
communicate with RED-CE1 but other sites of RED or GRAY cannot reach each other.
Solution:
R8
del policy-options policy-statement RED-Hub-Imp
set policy-options policy-statement RED-Hub-Imp term 1 from community
GRAY
set policy-options policy-statement RED-Hub-Imp term 1 then accept
R4
set policy-options community RED-Imp members target:111:111
set policy-options as-path HUB "(30000)?"
set policy-options policy-statement GRAY-Imp term 2 from community RED-Imp
set policy-options policy-statement GRAY-Imp term 2 from as-path HUB
set policy-options policy-statement GRAY-Imp term 2 then accept
Task1: 6 points
Create a layer 3 vpn named pink that includes pink sites ensure that all ce devices in pink
receive all routes and have full connectivity within pink use bgp as the pe-ce protocols at
sites 3 while use ospf at site 1 and site 2
Solution:
It’s the mix of both RED & GRAY VPN where PINK CE3 is same as RED CE3 which use BGP as
the PE-CE protocol. PINK CE1 & CE2 is same as GRAY CE1 & CE2. Use same configuration as
mentioned above with matching RT.
Task2: 4 points
For pink vpn ensure that all routes received from site2 appear as OSPF type 5 LSA at site1.
Ensure that the CE devices at site 2 prefer the pink vpn to reach each other
Solution:
This is also same as GRAY VPN where we need to use VPN domain community. The
additional requirement is Sham link configuration.
R4
set interfaces lo0 unit 41 family inet address 41.41.41.41/32
set routing-instances PINK interface lo0.41
set routing-instances PINK protocols ospf sham-link local 41.41.41.41
set routing-instances PINK protocols ospf area 0.0.0.0 sham-link-remote 81.81.81.81 metric
1
set routing-instances PINK protocols ospf area 0.0.0.0 interface lo0.41
R8
set interfaces lo0 unit 81 family inet address 81.81.81.81/32
set routing-instances PINK interface lo0.81
set routing-instances PINK protocols ospf sham-link local 81.81.81.81
set routing-instances PINK protocols ospf area 0.0.0.0 sham-link-remote 41.41.41.41 metric
1
set routing-instances PINK protocols ospf area 0.0.0.0 interface lo0.81
Task3: 6 points
Create a vpls vpn named BLUE that includes blue sites. Ensure that all site have full
connectivity and site 3 is multihomed to R3 and R8. Ensure that no loop exists within the
VPN and R3 is the primary entry and exit point for Site 3. Use bgp as the signaling protocol
Solution:
R4
set routing-instances BLUE instance-type vpls
set routing-instances BLUE vlan-id 512
set routing-instances BLUE interface ge-1/3/6.600
set routing-instances BLUE route-distinguisher 1:1
set routing-instances BLUE vrf-target target:1:1
set routing-instances BLUE protocols vpls no-tunnel-services
set routing-instances BLUE protocols vpls site SITE1 site-identifier 1
R3 or R6 (makes no difference)
set routing-instances BLUE instance-type vpls
set routing-instances BLUE vlan-id 512
set routing-instances BLUE interface ge-1/3/7.500
set routing-instances BLUE route-distinguisher 1:1
set routing-instances BLUE vrf-target target:1:1
set routing-instances BLUE protocols vpls no-tunnel-services
set routing-instances BLUE protocols vpls site SITE2 site-identifier 2
set routing-instances BLUE protocols vpls site SITE2 multi-homing
set routing-instances BLUE protocols vpls site SITE2 site-preference primary
R8
set routing-instances BLUE instance-type vpls
set routing-instances BLUE vlan-id 512
set routing-instances BLUE interface ge-1/3/5.500
set routing-instances BLUE route-distinguisher 1:1
set routing-instances BLUE vrf-target target:1:1
set routing-instances BLUE protocols vpls no-tunnel-services
set routing-instances BLUE protocols vpls site SITE2 site-identifier 2
set routing-instances BLUE protocols vpls site SITE2 multi-homing
set routing-instances BLUE protocols vpls site SITE2 site-preference backup
Task4: 4 points
For blue VPN ensure that packet with 1500 byte ethernet payload size can be sent between
the CE devices
Solution:
There is nothing to configure for this task, as Core is already configured to pass 1500B
Ethernet payload between CE. If not, change the MTU of core to meet the requirements.
Task5: 4 points
For blue vpn ensure that broadcast unknown unicast and multicast traffic from site 1 is not
duplicated on any core links
Solution:
set routing-instances BLUE provider-tunnel rsvp-te label-switched-path-template default-
template
Task 1: 3 points
Traffic from C2 to C4 already has COS markings applied as noted in this section exhibit.
However, some EF and AF traffic, which is currently assigned to Q3 and Q2 is being dropped.
Ensure the in-profile traffic from different classes can successfully reach C4. You may not
assign the traffic to a different forwarding class.
Task 2: 1 point:
Ensure that the traffic from task 1 doesn’t expand beyond its configured settings.
Solution:
R7
set class-of-service scheduler-maps C2-C4 forwarding-class NC scheduler NC
set class-of-service scheduler-maps C2-C4 forwarding-class BE scheduler BE
set class-of-service scheduler-maps C2-C4 forwarding-class AF scheduler AF
set class-of-service scheduler-maps C2-C4 forwarding-class EF scheduler EF
set class-of-service schedulers NC transmit-rate percent 10
set class-of-service schedulers NC buffer-size percent 10
set class-of-service schedulers NC priority strict-high
set class-of-service schedulers EF transmit-rate percent 20
set class-of-service schedulers EF buffer-size percent 20
set class-of-service schedulers EF priority high
set class-of-service schedulers AF transmit-rate percent 20
set class-of-service schedulers AF buffer-size percent 20
set class-of-service schedulers AF priority medium-high
set class-of-service schedulers BE transmit-rate percent 50
set class-of-service schedulers BE buffer-size percent 50
set class-of-service schedulers BE priority low
Task 3: 3 points
Ensure that the COS marked traffic from C2 has its markings removed as it arrives C4.
Solution:
set class-of-service rewrite-rules inet-precedence reset forwarding-class BE loss-priority low
code-point 000
set class-of-service rewrite-rules inet-precedence reset forwarding-class AF loss-priority low
code-point 000
set class-of-service rewrite-rules inet-precedence reset forwarding-class EF loss-priority low
code-point 000
set class-of-service rewrite-rules inet-precedence reset forwarding-class NC loss-priority low
code-point 000
Task 4: 5 points:
Ensure that traffic from C1 to C3 uses specific LSPs based on COS markings according to the
information in this section’s exhibit
Solution:
set policy-options policy-statement LSP-Fwd term 1 from route-filter 218.3.0.0/16 exact
set policy-options policy-statement LSP-Fwd term 1 then install-nexthop lsp R3-R6-af
set policy-options policy-statement LSP-Fwd term 2 from route-filter 218.4.0.0/16 exact
set policy-options policy-statement LSP-Fwd term 2 then install-nexthop lsp R3-R6-be
218.3.0.0/16 R3-R6-af
218.4.0.0/16 R3-R6-be
Class of service exhibit
IPP marking