Lab Practice Sol

Contents
Device infra 9 points ............................................................................................................... 2

Task 1: .................................................................................................................................... 2
Solution:................................................................................................................................. 2
Task 2: .................................................................................................................................... 2
Solution:................................................................................................................................. 2
Task 3: .................................................................................................................................... 2
Solution:................................................................................................................................. 2
Task 4: .................................................................................................................................... 3
Solution:................................................................................................................................. 3
2- Interior gateway protocol - 15 points .................................................................................. 3
Task 1 - 4 points:.................................................................................................................... 3
Solution:................................................................................................................................. 3
Task 2 - 3 points ..................................................................................................................... 6
Task 3 - 4 points ..................................................................................................................... 6
Solution:................................................................................................................................. 6
Task 4: 4 Points ...................................................................................................................... 7
Device infra 9 points
Task 1:
Annotate
Solution:
annotate system “Configure by Yong Di @ March 1 2016"
Task 2:
Bring ae5 between R7 & T1. Run lacp on the link on ae5. BGP session between routers
should switch to down in case of any link member of ae5 outage. T1 has already been
configured.
Solution:
set chassis aggregated-devices ethernet device-count 6
set interfaces ge-0/0/2 gigether-options 802.3ad ae5

set interfaces ge-0/0/3 gigether-options 802.3ad ae5
set interfaces ae5 aggregated-ether-options minimum-links 2

set interfaces ae5 aggregated-ether-options lacp active
set interfaces ae5.0 family inet X.X.X.X/X
Task 3:
Protect, make RE filter on R6 - allow telnet, SSH, SNMP, all BGP sessions from configured.
Allow all traffic of any protocol from any source & destination, police ping to 8mb. Silently
deny another traffic.
Solution:
set firewall policer 8mbps if-exceeding bandwidth-limit 8m
set firewall policer 8mbps if-exceeding burst-size-limit 1500
set firewall policer 8mbps then discard
set policy-options prefix-list BGP apply-path "protocols bgp group <*> neighbor <*>"
set firewall filter PE-Filter term 1 from protocol tcp

set firewall filter PE-Filter term 1 from protocol udp
set firewall filter PE-Filter term 1 from destination-port ssh
set firewall filter PE-Filter term 1 from destination-port telnet
set firewall filter PE-Filter term 1 from destination-port snmp
set firewall filter PE-Filter term 1 from destination-port ldp
set firewall filter PE-Filter term 1 then accept
set firewall filter PE-Filter term 2 from prefix-list BGP
set firewall filter PE-Filter term 2 from destination-port bgp
set firewall filter PE-Filter term 4 from protocol icmp
set firewall filter PE-Filter term 4 from icmp-type echo-request
set firewall filter PE-Filter term 4 from icmp-type echo-reply
set firewall filter PE-Filter term 4 then policer 8mbps
set firewall filter PE-Filter term 3 from protocol ospf
set firewall filter PE-Filter term 3 from protocol rsvp
set firewall filter PE-Filter term 3 from protocol icmp
set firewall filter PE-Filter term 3 from protocol icmp6
set firewall filter PE-Filter term 5 then discard
Task 4:
Configure the bgp such that r2 and r5 don’t install the bgp routes in their forwarding table
Solution:
set policy-options policy-statement BGP-Discard term 1 from protocol bgp
set policy-options policy-statement BGP-Discard term 1 then reject
set routing-options forwarding-table export BGP-Discard
2- Interior gateway protocol - 15 points

No static routes may be used unless otherwise stated in the task. All internal interfaces are in
ISIS level 2 for ipv6 routing. OSPF v2 is used for the ipv4 routing . You may not change your
OSPF version or area number in your network. You cannot change any link metric. You may
change other OSPF parameters if needed. See this section's exhibit for more information
about the OSPF multi-area design
Task 1 - 4 points:
Ensure that all adjacencies are up.
Solution:
(Note: IGP will be already pre-configured)
(Note: Delete no-summary from NSSA ABR)
(Note: Check Family iso & inet6 on interfaces & check if OSPF neighborship is down due to
subnet mask mismatch)
R1-R8
set protocols isis no-ipv4-routing
set protocols isis level 1 disable
R1
set protocols ospf area 0.0.0.0 interface ge-1/2/1.2
set protocols ospf area 0.0.0.0 interface lo0.1
set protocols ospf area 0.0.0.1 nssa default-lsa default-metric 1
set protocols isis interface ge-1/2/1.2

set protocols isis interface lo0.1
R2

R3

R4
set protocols ospf area 0.0.0.1 nssa

R5
set protocols ospf area 0.0.0.1 nssa default-lsa default-metric 1

R6

R7
set protocols ospf area 0.0.0.1 nssa

R8

R1
set interfaces lo0 unit 1 family iso address 49.0000.0010.0200.0001.0001.00
R2
R3
R4
R5
R6
R7
R8
Task 2 - 3 points
Advertise an IPV4 route that encompasses your ipv4 network to the data center. You may
not advertise a default route. If necessary you may telnet to the data centre router.
Task 3 - 4 points
Ensure bidirectional communication between your network and the data center using both
ipv4 and ipv6. The data center uses OSPFv3 (area 0) to route both IPv4 and IPv6.
Solution:
(Note: Troubleshoot if interface is P2P or MA, Which Area, Authentication, MTU?)
(Note: if NSSA no-Summary is not removed from NSSA ABR, routes will not advertised)
R4
set policy-options policy-statement Core-DC term 1 from protocol aggregate
set policy-options policy-statement Core-DC term 1 then tag 47
set policy-options policy-statement Core-DC term 1 then accept
set protocols ospf3 area 0.0.0.0 interface ge-1/2/8.17

set protocols ospf3 realm ipv4-unicast area 0.0.0.0 interface ge-1/2/8.17 interface-type p2p
set protocols ospf3 export Core-DC
set protocols ospf3 realm ipv4-unicast export Core-DC
set policy-options policy-statement DC-Core term 1 from tag 47

set policy-options policy-statement DC-Core term 1 then reject
set policy-options policy-statement DC-Core term 2 from protocol ospf3
set policy-options policy-statement DC-Core term 2 then accept
set protocols ospf export DC-Core

set protocols isis export DC-Core
R7
set policy-options policy-statement Core-DC term 1 from protocol aggregate

set policy-options policy-statement Core-DC term 1 then tag 47
set policy-options policy-statement Core-DC term 1 then accept
set protocols ospf3 area 0.0.0.0 interface ge-1/2/8.18

set protocols ospf3 realm ipv4-unicast area 0.0.0.0 interface ge-1/2/8.18 interface-type p2p
set protocols ospf3 export Core-DC
set protocols ospf3 realm ipv4-unicast export Core-DC
set policy-options policy-statement DC-Core term 1 from tag 47

set policy-options policy-statement DC-Core term 1 then reject
set policy-options policy-statement DC-Core term 2 from protocol ospf3
set policy-options policy-statement DC-Core term 2 then accept
set protocols ospf export DC-Core

set protocols isis export DC-Core
Task 4: 4 Points
Ensure that R7 is the preferred entry and exit point towards the data centre for both ipv4
and ipv6. There should be redundancy to reach the data centre in case R7 fails.
Solution:
R7
set policy-options policy-statement DC-Core term 2 then external type 1
R4
set protocols ospf3 preference 200
set protocols ospf3 external-preference 200
set protocols ospf3 realm ipv4-unicast preference 200
set protocols ospf3 realm ipv4-unicast external-preference 200
3- MPLS - 19 points
Task 1 - 3 points
Ensure that the LSPs are up and meet the path requirements in the mpls exhibit
Solution:
R1-R6
set protocols mpls admin-groups RED 1
set protocols mpls admin-groups BLUE 2
R1
set protocols rsvp interface all
set protocols mpls label-switched-path R1-R2 to 10.200.1.2

set protocols mpls interface all
set protocols mpls interface ge-1/2/1.2 admin-group [RED BLUE]

set protocols mpls interface ge-1/2/2.2 admin-group RED
set protocols mpls interface ge-1/2/4.2 admin-group BLUE
R2


R3

set protocols mpls label-switched-path R3-R6-af to 10.200.1.6
set protocols mpls label-switched-path R3-R6-af primary R3-R2-R6
set protocols mpls label-switched-path R3-R6-af metric 10
set protocols mpls label-switched-path R3-R6-be to 10.200.1.6
set protocols mpls label-switched-path R3-R6-be primary R3-R5-R6
set protocols mpls label-switched-path R3-R6-be metric 10

R4

R5


R6

set protocols mpls interface ge-1/2/6.10 admin-group [BLUE RED]
R7
R8
Task 2:
Using administrative group ensure that r3-to-r1 LSP transits R5, you may not use the link
b/w R1 and R2. You cannot change the preconfigured Administrative group and link coloring
as shown in the MPLS exhibit.
Solution:
set protocols mpls label-switched-path R3-R1 admin-group exclude BLUE
or
Can define link coloring on R4 as R4-R5 as BLUE and R4-R1 as BLUE (vice versa on R5 & R1)
and configure below:
set protocols mpls label-switched-path R3-R1 admin-group include BLUE
Task 3:
Ensure that the r1-to-r6 LSP has a pre-established alternate path in case of link failure.
Ensure that this path can be shared by other LSPs. You may not manually configure
secondary paths.
Solution:
R1
set protocols mpls path R1-R2-R3 10.200.2.14 strict
set protocols mpls label-switched-path R1-R3 primary R1-R2-R3
set protocols mpls label-switched-path R1-R6 link-protection
set protocols rsvp interface ge-1/2/1.2 link-protection
R2
set protocols rsvp interface ge-1/2/7.10 link-protection
Task 2 - 2 points
Ensure that the r3-to-r4 LSP always transits R5 with a reserved bandwidth of 700M. Ensure
that the r6-to-r4 LSP reserves a bandwidth of 700M
Solution:
set protocols mpls label-switched-path R3-R4 bandwidth 700m
R6
set protocols mpls label-switched-path R6-R4 bandwidth 700m
R5
set interfaces ge-1/2/0 unit 4 bandwidth 2g
Task 3: 3 points
On the ingress router only, ensure that the primary path for the r1-to-r3 LSP has a pre-
established alternate path to the egress router in case of the link or node failure throughout
the network. You may not manually configure secondary paths. Ensure that the alternate
path uses blue links only and you may change the primary path of the r1-to-r3 LSP. You
cannot change the preconfigured administrative groups and link coloring as shown in the
MPLS exhibit.
Solution:
set protocols mpls label-switched-path R1-R3 fast-reroute include-all BLUE
If marking is not set of R4 before than do it at this step. Please check solution for MPLS Task
2.
Task 4 - 4 points:
Ensure that inet.3 tables on the R7 and R8 contain only the loopback addresses of the
R1,R3,R4 and R6 as well as each other's loopback addresses. These routes must remain in
inet.3 even with a link failure. R7 and R8 cannot learn RSVP and R2 and R5 cannot run LDP.
Solution:
R1
set protocols ldp interface ge-1/2/6.2
set protocols ldp interface lo0.1
set protocols mpls label-switched-path R1-R3 ldp-tunneling

R3

R4

R5

R1 & R5
set protocols ospf area 0.0.0.0 virtual-link neighbor-id 10.200.1.4 transit-area 0.0.0.1
R4
Task 5 - 1 point
Ensure that all OSPF destinations use MPLS for forwarding on R3.
Solution:
set protocols ospf traffic-engineering shortcuts
set protocols mpls traffic-engineering bgp-igp-both-ribs
Task 6 - 6 points
Ensure that all customers are able to reach all ipv4 and ipv6 bgp learned destinations (as
shown in the bgp exhibit). The traffic must be MPLS encapsulated when it transits R2 and
R5.
Ensure IPv6 traffic is tunneled through MPLS.
Solution:
R1-R8
set protocols mpls ipv6-tunneling
To balance inet.3 and inet6.3 routes as per requirements, implement the following:
R2
set protocols mpls label-switched-path R2-R1 install 10.200.1.7/32
R5
R7 & R8
set routing-options rib-groups 0-to-6 import-rib inet.0
set routing-options rib-groups 0-to-6 import-rib inet6.3
set routing-options rib-groups 0-to-6 import-policy LOOPBACKS
set policy-options policy-statement LOOPBACKS term 1 from rib inet6.3

set policy-options policy-statement LOOPBACKS term 1 from routefilter ::ffff:10.200.1.0/64
prefix-length-range /128-/128
set policy-options policy-statement LOOPBACKS term 1 then accept
set policy-options policy-statement LOOPBACKS term 2 then reject
set protocols ospf rib-groups 0-to-6
4- BGP - 21 points
Note: see the section's exhibit for information about the aggregates each AS will send and
address you may use to test reachability "per packet" load-balancing is preconfigured on
every router.
Task 1 - 3 points
Configure R2 and R5 to be route reflectors for the R1, R3, R4, R6, R7 and R8. Ensure that all
route reflector clients have all BGP learned prefixes for all necessary address families in their
routing table. Current configuration includes all necessary BGP neighbor statements. You
may modify the neighbor properties. Do not add any additional BGP neighbors.
(Note: All the BGP neighbors iBGP/eBGP have already configured)

Solution:
R2
set protocols bgp group rr cluster 10.200.1.2
set protocols bgp group core cluster 10.200.1.2
R5
set protocols bgp group rr cluster 10.200.1.5
set protocols bgp group core cluster 10.200.1.5
R1-R8
set protocols bgp group rr family inet unicast
set protocols bgp group rr family inet6 labeled-unicast
R2 & R5
set protocols bgp group core family inet unicast
set protocols bgp group core family inet6 labeled-unicast
Task 2 - 2 points
For ipv4 unicast routes, ensure that R2 and R5 reflect all BGP routes, rather than just the
active BGP route for each prefix.
Solution:
R2 & R5
set protocols bgp group core advertise-inactive
Task 3 - 1 point:
R6 is receiving BGP announcements for same prefixes from both P3 and P2. Ensure that
both next hops are installed in the forwarding table. You may use prefix 4.0.0.0/8 to test the
configuration.
Solution:
set protocols bgp group P2 peer-as 2000
set protocols bgp group P2 multipath multiple-as
set protocols bgp group P2 neighbor 172.16.6.2
set protocols bgp group P3 peer-as 3000

set protocols bgp group P3 multipath multiple-as
set protocols bgp group P3 neighbor 172.16.6.3
Task 4 - 3 points
Currently C2 is sending both IPV4 and IPv6 routes over a single bgp session to R7. R7 is not
accepting the ipv6 routes. From its loopback address 2222:2222:2222::1, C2 is not able to
reach BGP learned IPv6 destination. Ensure that 2222:2222:2222::1 can ping 3000:1000::1
Solution:
set policy-options policy-statement C2-Imp term 1 from rib inet6.0
set policy-options policy-statement C2-Imp term 1 then next-hop 2001:172:16:6::42
set protocols bgp group C2 accept-remote-nexthop

set protocols bgp group C2 import C2-Imp
set protocols bgp group C2 family inet unicast
set protocols bgp group C2 family inet6 unicast
set protocols bgp group C2 peer-as 10000
set protocols bgp group C2 neighbor 172.16.6.41
Task 5 - 2 points
For traffic to BGP learned destinations, ensure that traffic from C3 to the P1 or P2 router on
the IXP lan segment transits R6.
Solution:
set policy-options policy-statement LP term 1 then local-preference 150
set protocols bgp group P1 import LP

set protocols bgp group P2 import LP
Task 6 - 2 points
P1 is advertising routes that indicate its preferred entry point into the P1 network .Modify
your routing policy to ensure that traffic destined for P1 uses P1's preferred exit point,
traffic to T1 and P2 should continue to exit your network at the closest exit point
Solution:
In Solution, there will be set-MED export policy implemented which is nullifying the P1
advertised MED. We need to reinforce it by removing either set-MED policy or apply new
MED policy matching advertise MED value to P1 specific neighbour.
set policy-options policy-statement MEDXXX term 1 then metric XXX
R1-R8
set protocols bgp group rr family inet unicast add-path receive
set protocols bgp group rr family inet6 labeled-unicast add-path receive
R2 & R5
set protocols bgp group rr family inet unicast add-path send path-count 6
set protocols bgp group rr family inet6 unicast add-path send path-count 6
set protocols bgp group core family inet labeled-unicast add-path send path-count 6
set protocols bgp group core family inet6 labeled-unicast add-path send path-count 6
Task 7 - 2 points
Modify your routing policy to ensure that routes received from customers with the
community x:100(where x is the AS number) have your AS pre-pended to the AS path
additional three times when advertised to T1. You should not override the AS path for
routes advertised to other BGP peers.
Solution:
R6 & R7 (or any other router where T1 is installed)
set policy-options community C2 members 10000:100

set policy-options policy-statement AS-Prep term 1 from community C2

set policy-options policy-statement AS-Prep term 1 then as-path-prepend "12345678
12345678 12345678"
Task 8 - 6 points
Modify your routing policy to implement remote triggered black hole (RTBH) feature. Ensure
that traffic destined to routes received from customers with the community x:666 (where x
is the customer AS number) is discarded at the entry point to your autonomous system a
prefix filter is currently included in each customer import policy. Ensure that the RTBH
features is restricted only to more specific prefixes of the existing prefix-list. Other bgp
learned prefixes should not trigger the RTBH feature even if they included the x:666
community
Solution:
R3, R6, R7 & R8

set policy-options community no-exp members no-export
set policy-options policy-statement RTBH term 1 from route-filter 0.0.0.0/0 prefix-length-

range /0-/31
set policy-options policy-statement RTBH term 1 then next policy
set policy-options policy-statement RTBH term 2 from community RTBH
set policy-options policy-statement RTBH term 2 from prefix-list-filter C4-prefix orlonger
set policy-options policy-statement RTBH term 2 then community add no-exp
set policy-options policy-statement RTBH term 2 then next-hop reject
set policy-options policy-statement RTBHv6 term 1 from route-filter ::/0 prefix-length-range
/0-/127
set policy-options policy-statement RTBHv6 term 1 then next policy
set policy-options policy-statement RTBHv6 term 2 from community RTBH
set policy-options policy-statement RTBHv6 term 2 from prefix-list-filter C4-v6-prefix
orlonger
set policy-options policy-statement RTBHv6 term 2 then community add no-exp
set policy-options policy-statement RTBHv6 term 2 then next-hop reject
set protocols bgp group rr import RTBH
set protocols bgp group rr import RTBHv6
set protocols bgp group C4 import RTBH
set protocols bgp group C4 import RTBHv6
Task 9 – 2 points
Include your AS IGP distance to the bgp next hop in all bgp ipv4 advertisements to C1.
Solution:
R7
set policy-options policy-statement C2-Exp term 1 then metric igp
set protocols bgp group C2 export C2-Exp
Task 10 – 2 points
Ensure traffic from C2 to P2 and P3 passes R6.
Solution:
R6
set protocols bgp group C2 peer-as 10000
set protocols bgp group C2 neighbor 172.16.6.4
set protocols bgp group C2 export NHS
5- VPN – 24 points
You don’t have access to VPN CE devices, see the exhibit for the route advertisements from
the VPN CE devices.
For L3VPN add inet-vpn family and L2VPN (VPLS) add l2vpn family on all VPN PE & RR.
set protocols bgp group rr family inet-vpn unicast
set protocols bgp group rr family l2vpn signalling
set protocols bgp group core family inet-vpn unicast  RR only
set protocols bgp group core family l2vpn signalling  RR only
Task 1: 6 points
Configure L3vpn called GRAY that includes gray sites. Use OSPF as the PE CE protocol. Make
sure that all CE devices in GRAY receive all routes and have full connectivity within GRAY.
Make sure that all routes received from site 2 appear as OSPF type 5 LSA in site 1.
Solution:
R4
set policy-options policy-statement GRAY-Exp term 1 from protocol direct
set policy-options policy-statement GRAY-Exp term 1 from protocol ospf
set policy-options policy-statement GRAY-Exp term 1 then community add GRAY
set policy-options policy-statement GRAY-Exp term 1 then community add GRAY-domain
set policy-options policy-statement GRAY-Exp term 1 then accept
set policy-options policy-statement GRAY-Imp term 1 from protocol bgp
set policy-options policy-statement GRAY-Imp term 1 from community GRAY
set policy-options policy-statement GRAY-Imp term 1 then accept
set policy-options policy-statement GRAY-BGP->OSPF term 1 from protocol bgp

set policy-options policy-statement GRAY-BGP->OSPF term 1 then accept
set policy-options community GRAY members target:100:100

set policy-options community GRAY-domain members domain:4:4
set routing-instances GRAY instance-type vrf

set routing-instances GRAY interface ge-1/2/8.15
set routing-instances GRAY route-distinguisher 100:100
set routing-instances GRAY vrf-import GRAY-Imp
set routing-instances GRAY vrf-export GRAY-Exp
set routing-instances GRAY protocols ospf area 0.0.0.0 interface ge-1/2/8.15
set routing-instances GRAY protocols ospf domain-vpn-tag 4
set routing-instances GRAY protocols ospf export GRAY-BGP->OSPF
R8
set policy-options policy-statement GRAY-Exp from protocol direct
set policy-options policy-statement GRAY-Exp from protocol ospf
set policy-options policy-statement GRAY-Exp then community add GRAY
set policy-options policy-statement GRAY-Exp then community add GRAY-domain
set policy-options policy-statement GRAY-Exp then accept
set policy-options policy-statement GRAY-Imp term 1 from protocol bgp
set policy-options policy-statement GRAY-Imp term 1 from community GRAY
set policy-options policy-statement GRAY-BGP->OSPF term 1 from protocol bgp

set policy-options policy-statement GRAY-BGP->OSPF term 1 then accept
set policy-options community GRAY members target:100:100
set policy-options community GRAY-domain members domain:8:8
set routing-instances GRAY instance-type vrf

set routing-instances GRAY interface ge-1/2/8.10
set routing-instances GRAY route-distinguisher 100:100
set routing-instances GRAY vrf-import GRAY-Imp
set routing-instances GRAY vrf-export GRAY-Exp
set routing-instances GRAY protocols ospf domain-vpn-tag 8
set routing-instances GRAY protocols ospf area 0.0.0.10 interface ge-1/2/8.10
set routing-instances GRAY protocols ospf export GRAY-BGP->OSPF
Task 2: 3 points.
Configure a Layer 3 VPN RED that includes CE1, CE2, CE3, CE4, and CE5. Use BGP as the PE
CE protocol. Ensure that CE devices from RED receive all routes and have full connectivity
within RED.
Task 3: 6 points
The CE device for Site 2, Site3 and NOC must exchange route information and forward traffic
through CE1 at Site 1 to reach each other. USE VLAN 51 and routing-instance named RED
Hub to send traffic to CE1. Use VLAN 52 and a routing-instance named red spoke to receive
traffic from CE1
Solution:
R1
set policy-options policy-statement RED-Exp term 1 from protocol direct
set policy-options policy-statement RED-Exp term 1 from protocol bgp
set policy-options policy-statement RED-Exp term 1 then community add RED-Exp
set policy-options policy-statement RED-Exp term 1 then accept
set policy-options policy-statement RED-Imp term 1 from protocol bgp
set policy-options policy-statement RED-Imp term 1 from community RED-Imp
set policy-options policy-statement RED-Imp term 1 then accept
set policy-options community RED-Exp members target:222:222
set policy-options community RED-Imp members target:111:111
et routing-instances RED-CE2 instance-type vrf

set routing-instances RED-CE2 interface ge-1/2/8.2
set routing-instances RED-CE2 route-distinguisher 1:111
set routing-instances RED-CE2 vrf-import RED-Imp
set routing-instances RED-CE2 vrf-export RED-Exp
set routing-instances RED-CE2 protocols bgp group Spoke advertise-peer-as
set routing-instances RED-CE2 protocols bgp group Spoke family inet unicast loops 3
set routing-instances RED-CE2 protocols bgp group Spoke peer-as 30000
set routing-instances RED-CE2 protocols bgp group Spoke neighbor 172.16.1.14
set routing-instances RED-CE3 instance-type vrf
set routing-instances RED-CE3 interface ge-1/2/8.11
set routing-instances RED-CE3 route-distinguisher 1:222
set routing-instances RED-CE3 vrf-import RED-Imp
set routing-instances RED-CE3 vrf-export RED-Exp
set routing-instances RED-CE3 protocols bgp group Spoke advertise-peer-as
set routing-instances RED-CE3 protocols bgp group Spoke family inet unicast loops 3
set routing-instances RED-CE3 protocols bgp group Spoke peer-as 30000
set routing-instances RED-CE3 protocols bgp group Spoke neighbor 172.16.6.14
R4
set policy-options policy-statement RED-Exp term 1 from protocol direct
set policy-options policy-statement RED-Exp term 1 from protocol bgp
set policy-options policy-statement RED-Exp term 1 then community add RED-Exp
set policy-options policy-statement RED-Exp term 1 then accept
set policy-options policy-statement RED-Imp term 1 from protocol bgp
set policy-options policy-statement RED-Imp term 1 from community RED-Imp
set policy-options policy-statement RED-Imp term 1 then accept
set routing-instances RED-NOC instance-type vrf

set routing-instances RED-NOC interface ge-1/2/9.200
set routing-instances RED-NOC route-distinguisher 4:111
set routing-instances RED-NOC vrf-import RED-Imp
set routing-instances RED-NOC vrf-export RED-Exp
set routing-instances RED-NOC protocols bgp group NOC advertise-peer-as
set routing-instances RED-NOC protocols bgp group NOC family inet unicast loops 3
set routing-instances RED-NOC protocols bgp group NOC peer-as 30000
set routing-instances RED-NOC protocols bgp group NOC neighbor 172.16.6.18
R8
set policy-options policy-statement RED-Hub-Exp term 1 from protocol direct
set policy-options policy-statement RED-Hub-Exp term 1 from protocol bgp
set policy-options policy-statement RED-Hub-Exp term 1 then community add RED-Exp
set policy-options policy-statement RED-Hub-Exp term 1 then accept
set policy-options policy-statement RED-Hub-Imp term 1 then reject
set policy-options policy-statement RED-Spoke-Exp term 1 then reject
set policy-options policy-statement RED-Spoke-Imp term 1 from protocol bgp
set policy-options policy-statement RED-Spoke-Imp term 1 from community RED-Imp
set policy-options policy-statement RED-Spoke-Imp term 1 then accept
set routing-instances RED-Hub instance-type vrf

set routing-instances RED-Hub interface ge-1/2/8.51
set routing-instances RED-Hub route-distinguisher 8:111
set routing-instances RED-Hub vrf-import RED-Hub-Imp
set routing-instances RED-Hub vrf-export RED-Hub-Exp
set routing-instances RED-Hub protocols bgp group Hub advertise-peer-as
set routing-instances RED-Hub protocols bgp group Hub family inet unicast loops 3
set routing-instances RED-Hub protocols bgp group Hub peer-as 30000
set routing-instances RED-Hub protocols bgp group Hub neighbor 172.16.4.18
set routing-instances RED-Spoke instance-type vrf
set routing-instances RED-Spoke interface ge-1/2/8.52
set routing-instances RED-Spoke route-distinguisher 8:222
set routing-instances RED-Spoke vrf-import RED-Spoke-Imp
set routing-instances RED-Spoke vrf-export RED-Spoke-Exp
set routing-instances RED-Spoke protocols bgp group Spoke advertise-peer-as
set routing-instances RED-Spoke protocols bgp group Spoke family inet unicast loops 3
set routing-instances RED-Spoke protocols bgp group Spoke peer-as 30000
set routing-instances RED-Spoke protocols bgp group Spoke neighbor 172.16.42.14
R1, R2, R4, R5 & R8

set protocols bgp group rr family inet-vpn unicast loops 3
set protocols bgp group core family inet-vpn unicast loops 3
Task 4: 6 points
Create a VPLS VPN named GREEN that includes CE1 and CE2. Ensure that CE devices in
Green are able to communicate with each other. Ensure the VLAN tags are sent across the
pseudowire. Use a routing instance and LDP as the VPN signaling protocol. USE VLAN 500
with site 1 and VLAN 600 with Site 2. Note that CE1 is configured to only communicate using
VLAN 500 and CE2 is configured to only communicate using vlan 600
Solution:
(Note: If after creating interface commit operation give error, do exclude interface-group
from VPLS PE-CE interface)
R4
set interfaces ge-1/3/3 unit 500 encapsulation vlan-vpls
set interfaces ge-1/3/3 unit 500 vlan-id 500
set interfaces ge-1/3/3 unit 500 family vpls
set routing-instances GREEN instance-type vpls

set routing-instances GREEN vlan-id 512
set routing-instances GREEN interface ge-1/3/3.500
set routing-instances GREEN protocols vpls no-tunnel-services
set routing-instances GREEN protocols vpls vpls-id 48
set routing-instances GREEN protocols vpls neighbor 10.200.1.8 backup-neighbor 10.200.1.6
R8
set interfaces ge-1/3/2 unit 600 encapsulation vlan-vpls
set interfaces ge-1/3/2 unit 600 vlan-id 600
set interfaces ge-1/3/2 unit 600 family vpls
set routing-instances GREEN instance-type vpls

set routing-instances GREEN vlan-id 512
set routing-instances GREEN interface ge-1/3/2.600
set routing-instances GREEN protocols vpls no-tunnel-services
set routing-instances GREEN protocols vpls vpls-id 48
set routing-instances GREEN protocols vpls neighbor 10.200.1.4
Task 5: 3 points.
Configure R8 to enable communication between GRAY and RED. Ensure that GRAY-CE2 can
communicate with RED-CE1 but other sites of RED or GRAY cannot reach each other.
Solution:
R8
del policy-options policy-statement RED-Hub-Imp
set policy-options policy-statement RED-Hub-Imp term 1 from community
GRAY
set policy-options policy-statement RED-Hub-Imp term 1 then accept
R4
set policy-options as-path HUB "(30000)?"
set policy-options policy-statement GRAY-Imp term 2 from community RED-Imp
set policy-options policy-statement GRAY-Imp term 2 from as-path HUB
Task1: 6 points
Create a layer 3 vpn named pink that includes pink sites ensure that all ce devices in pink
receive all routes and have full connectivity within pink use bgp as the pe-ce protocols at
sites 3 while use ospf at site 1 and site 2
Solution:
It’s the mix of both RED & GRAY VPN where PINK CE3 is same as RED CE3 which use BGP as
the PE-CE protocol. PINK CE1 & CE2 is same as GRAY CE1 & CE2. Use same configuration as
mentioned above with matching RT.
Task2: 4 points
For pink vpn ensure that all routes received from site2 appear as OSPF type 5 LSA at site1.
Ensure that the CE devices at site 2 prefer the pink vpn to reach each other
Solution:
This is also same as GRAY VPN where we need to use VPN domain community. The
additional requirement is Sham link configuration.
R4
set interfaces lo0 unit 41 family inet address 41.41.41.41/32
set routing-instances PINK interface lo0.41
set routing-instances PINK protocols ospf sham-link local 41.41.41.41
set routing-instances PINK protocols ospf area 0.0.0.0 sham-link-remote 81.81.81.81 metric
1
set routing-instances PINK protocols ospf area 0.0.0.0 interface lo0.41
R8
set interfaces lo0 unit 81 family inet address 81.81.81.81/32
set routing-instances PINK interface lo0.81
set routing-instances PINK protocols ospf sham-link local 81.81.81.81
set routing-instances PINK protocols ospf area 0.0.0.0 sham-link-remote 41.41.41.41 metric
1
set routing-instances PINK protocols ospf area 0.0.0.0 interface lo0.81
Task3: 6 points
Create a vpls vpn named BLUE that includes blue sites. Ensure that all site have full
connectivity and site 3 is multihomed to R3 and R8. Ensure that no loop exists within the
VPN and R3 is the primary entry and exit point for Site 3. Use bgp as the signaling protocol
Solution:
R4
set routing-instances BLUE instance-type vpls
set routing-instances BLUE vlan-id 512
set routing-instances BLUE interface ge-1/3/6.600
set routing-instances BLUE route-distinguisher 1:1
set routing-instances BLUE vrf-target target:1:1
set routing-instances BLUE protocols vpls no-tunnel-services
set routing-instances BLUE protocols vpls site SITE1 site-identifier 1
R3 or R6 (makes no difference)
set routing-instances BLUE protocols vpls site SITE2 multi-homing
set routing-instances BLUE protocols vpls site SITE2 site-preference primary
R8
set routing-instances BLUE protocols vpls site SITE2 multi-homing
set routing-instances BLUE protocols vpls site SITE2 site-preference backup
Task4: 4 points
For blue VPN ensure that packet with 1500 byte ethernet payload size can be sent between
the CE devices
Solution:
There is nothing to configure for this task, as Core is already configured to pass 1500B
Ethernet payload between CE. If not, change the MTU of core to meet the requirements.
Task5: 4 points
For blue vpn ensure that broadcast unknown unicast and multicast traffic from site 1 is not
duplicated on any core links
Solution:
set routing-instances BLUE provider-tunnel rsvp-te label-switched-path-template default-
template
6 - Class of service - 12 points
Task 1: 3 points
Traffic from C2 to C4 already has COS markings applied as noted in this section exhibit.
However, some EF and AF traffic, which is currently assigned to Q3 and Q2 is being dropped.
Ensure the in-profile traffic from different classes can successfully reach C4. You may not
assign the traffic to a different forwarding class.
Task 2: 1 point:
Ensure that the traffic from task 1 doesn’t expand beyond its configured settings.
Solution:
R7
set class-of-service scheduler-maps C2-C4 forwarding-class NC scheduler NC
set class-of-service scheduler-maps C2-C4 forwarding-class BE scheduler BE
set class-of-service scheduler-maps C2-C4 forwarding-class AF scheduler AF
set class-of-service scheduler-maps C2-C4 forwarding-class EF scheduler EF
set class-of-service schedulers NC transmit-rate percent 10
set class-of-service schedulers NC buffer-size percent 10
set class-of-service schedulers NC priority strict-high
set class-of-service schedulers EF transmit-rate percent 20
set class-of-service schedulers EF buffer-size percent 20
set class-of-service schedulers EF priority high
set class-of-service schedulers AF transmit-rate percent 20
set class-of-service schedulers AF buffer-size percent 20
set class-of-service schedulers AF priority medium-high
set class-of-service schedulers BE transmit-rate percent 50
set class-of-service schedulers BE buffer-size percent 50
set class-of-service schedulers BE priority low
set class-of-service interfaces ge-1/2/8 unit 50 scheduler-map C2-C4
Task 3: 3 points
Ensure that the COS marked traffic from C2 has its markings removed as it arrives C4.
Solution:
set class-of-service rewrite-rules inet-precedence reset forwarding-class BE loss-priority low
code-point 000
set class-of-service rewrite-rules inet-precedence reset forwarding-class AF loss-priority low
code-point 000
set class-of-service rewrite-rules inet-precedence reset forwarding-class EF loss-priority low
code-point 000
set class-of-service rewrite-rules inet-precedence reset forwarding-class NC loss-priority low
code-point 000
set class-of-service interfaces ge-1/2/8 unit 50 rewrite-rules inet-precedence reset
Task 4: 5 points:
Ensure that traffic from C1 to C3 uses specific LSPs based on COS markings according to the
information in this section’s exhibit
Solution:
set policy-options policy-statement LSP-Fwd term 1 from route-filter 218.3.0.0/16 exact
set policy-options policy-statement LSP-Fwd term 1 then install-nexthop lsp R3-R6-af
set policy-options policy-statement LSP-Fwd term 2 from route-filter 218.4.0.0/16 exact
set policy-options policy-statement LSP-Fwd term 2 then install-nexthop lsp R3-R6-be
set routing-options forwarding-table export LSP-Fwd
Note: Delete Metric value from R3-R6-be & R3-R6-af.
218.3.0.0/16 R3-R6-af
218.4.0.0/16 R3-R6-be
Class of service exhibit
IPP marking
IPP VALUES FORWARDING CLASS TRANSMIT RATE LOCATION

6,7 NC 10%
5 EF 20%
3,4 AF 20%
0,1,2 BE 50%

Lab Practice Sol

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Lab Practice Sol

Uploaded by

Copyright:

Available Formats

Contents

Device infra 9 points ............................................................................................................... 2

set interfaces ge-0/0/2 gigether-options 802.3ad ae5

set interfaces ae5 aggregated-ether-options minimum-links 2

set firewall filter PE-Filter term 1 from protocol tcp

set routing-options forwarding-table export BGP-Discard

2- Interior gateway protocol - 15 points

set protocols isis interface ge-1/2/1.2

set protocols isis interface ge-1/2/0.2

set protocols isis interface ge-1/2/0.3

set protocols isis interface ge-1/2/1.4

set protocols isis interface ge-1/2/0.4

set protocols isis interface ge-1/2/1.3

set protocols isis interface ge-1/2/3.5

set protocols isis interface ge-1/2/3.4

set protocols ospf3 area 0.0.0.0 interface ge-1/2/8.17

set policy-options policy-statement DC-Core term 1 from tag 47

set protocols ospf export DC-Core

set policy-options policy-statement Core-DC term 1 from protocol aggregate

set protocols ospf3 area 0.0.0.0 interface ge-1/2/8.18

set policy-options policy-statement DC-Core term 1 from tag 47

set protocols ospf export DC-Core

set protocols mpls label-switched-path R1-R2 to 10.200.1.2

set protocols mpls interface ge-1/2/1.2 admin-group [RED BLUE]

set protocols mpls label-switched-path R2-R1 to 10.200.1.1

set protocols mpls interface ge-1/2/0.2 admin-group [RED BLUE]

set protocols mpls label-switched-path R3-R1 to 10.200.1.1

set protocols mpls interface ge-1/2/3.3 admin-group RED

set protocols mpls label-switched-path R4-R1 to 10.200.1.1

set protocols mpls label-switched-path R5-R1 to 10.200.1.1

set protocols mpls interface ge-1/2/7.3 admin-group BLUE

set protocols mpls label-switched-path R6-R1 to 10.200.1.1

set protocols mpls label-switched-path R3-R1 admin-group include BLUE

set protocols mpls label-switched-path R1-R6 link-protection

set protocols rsvp interface ge-1/2/1.2 link-protection

set protocols mpls label-switched-path R3-R4 bandwidth 700m

set protocols mpls label-switched-path R6-R4 bandwidth 700m

set protocols mpls label-switched-path R1-R3 ldp-tunneling

set protocols mpls label-switched-path R3-R1 ldp-tunneling

set protocols mpls label-switched-path R4-R1 ldp-tunneling

set protocols mpls label-switched-path R6-R1 ldp-tunneling

set policy-options policy-statement LOOPBACKS term 1 from rib inet6.3

set protocols ospf rib-groups 0-to-6

(Note: All the BGP neighbors iBGP/eBGP have already configured)

set protocols bgp group P3 peer-as 3000

set protocols bgp group C2 accept-remote-nexthop

set protocols bgp group P1 import LP

set policy-options policy-statement MEDXXX term 1 then metric XXX

set policy-options community C2 members 10000:100

set policy-options policy-statement AS-Prep term 1 from community C2

R3, R6, R7 & R8

set policy-options policy-statement RTBH term 1 from route-filter 0.0.0.0/0 prefix-length-

set policy-options policy-statement GRAY-BGP->OSPF term 1 from protocol bgp

set policy-options community GRAY members target:100:100

set routing-instances GRAY instance-type vrf

set policy-options policy-statement GRAY-BGP->OSPF term 1 from protocol bgp

set routing-instances GRAY instance-type vrf

et routing-instances RED-CE2 instance-type vrf

set routing-instances RED-NOC instance-type vrf

set routing-instances RED-Hub instance-type vrf

R1, R2, R4, R5 & R8

set routing-instances GREEN instance-type vpls