Академический Документы
Профессиональный Документы
Культура Документы
Routing
11.a
Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
YEAR 2000 NOTICE
Juniper Networks hardware and software products do not suffer from Year 2000 problems and hence are Year 2000 compliant. The Junos operating system has
no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
SOFTWARE LICENSE
The terms and conditions for using Juniper Networks software are described in the software license provided with the software, or to the extent applicable, in an
agreement executed between you and Juniper Networks, or Juniper Networks agent. By using Juniper Networks software, you indicate that you understand and
agree to be bound by its license terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the Juniper
Networks software, may contain prohibitions against certain uses, and may state conditions under which the license is automatically terminated. You should
consult the software license for further details.
Contents
Lab 1:
Lab 2:
Lab 3:
Configuring and Monitoring Routing Policy and Advanced OSPF Options . . 3-1
Part 1: Establishing the OSPF Adjacencies and Creating a Virtual Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2
Part 2: Configuring OSPF Multiarea . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
Part 3: Configuring External Reachability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6
Lab 4:
Lab 5:
Lab 6:
Lab 7:
6-2
6-2
6-4
6-5
6-7
6-7
6-9
Lab 8:
5-2
5-2
5-3
5-4
5-5
5-7
5-8
7-2
7-4
7-6
7-8
www.juniper.net
Contents iii
Lab 9:
iv Contents
www.juniper.net
Course Overview
This three-day course is designed to provide students with the tools required for implementing,
monitoring, and troubleshooting Layer 3 components in an enterprise network. Detailed coverage
of OSPF, BGP, class of service (CoS), and multicast is strongly emphasized.
Through demonstrations and hands-on labs, students will gain experience in configuring and
monitoring the Junos operating system and in monitoring device and protocol operations.
Objectives
After successfully completing this course, you should be able to:
www.juniper.net
Use routing policy and specific configuration options to implement solutions for
various scenarios.
Describe various BGP attributes in detail and explain the operation of those attributes.
Implement a routing policy for inbound and outbound traffic using BGP.
Explain the CoS processing along with CoS defaults on SRX Series Services Gateways.
Describe situations when some CoS features are used in the enterprise.
Explain the role of Internet Group Management Protocol (IGMP) and describe the
available IGMP versions.
Illustrate the role of Internet Group Management Protocol version 3 (IGMPv3) and PIM
sparse mode (PIM-SM) in an SSM implementation.
Intended Audience
This course benefits individuals responsible for configuring and monitoring devices running the
Junos OS.
Course Level
Advanced Junos Enterprise Routing is an advanced-level course.
Prerequisites
Students should have basic networking knowledge and an understanding of the Open Systems
Interconnection (OSI) model and the TCP/IP protocol suite. Students should also have working
experience with basic routing principles.
Students should also attend the Introduction to the Junos Operating System (IJOS), Junos Routing
Essentials (JRE), and Junos Intermediate Routing (JIR) courses prior to attending this class.
vi Course Overview
www.juniper.net
Course Agenda
Day 1
Chapter 1: Course Introduction
Chapter 2: OSPF
Lab 1: Configuring and Monitoring OSPF
Chapter 3: OSPF Areas
Lab 2: Configuring and Monitoring OSPF Areas and Route Summarization
Chapter 4: OSPF Case Studies and Solutions
Lab 3: Configuring and Monitoring Routing Policy and Advanced OSPF Options
Day 2
Chapter 5: BGP
Lab 4: Implementing BGP
Chapter 6: BGP Attributes and Policy
Lab 5: BGP Attributes
Chapter 7:
Day 3
Chapter 8: Introduction to Multicast
Chapter 9: Multicast Routing Protocols and SSM
Lab 7: Implementing PIM-SM
Lab 8: Implementing SSM
Chapter 10: Class of Service
Lab 9: Implementing CoS Features in the Enterprise
Appendix A: BGP Route Reflection
Lab 10: BGP Route Reflection (Optional)
www.juniper.net
Document Conventions
CLI and GUI Text
Frequently throughout this course, we refer to text that appears in a command-line interface (CLI)
or a graphical user interface (GUI). To make the language of these documents easier to read, we
distinguish GUI and CLI text from chapter text according to the following table.
Style
Description
Usage Example
Franklin Gothic
Normal text.
Courier New
Console text:
Screen captures
commit complete
Noncommand-related
syntax
Description
Usage Example
Normal CLI
No distinguishing variant.
Physical interface:fxp0,
Enabled
Normal GUI
GUI Input
Description
Usage Example
CLI Variable
policy my-peers
GUI Variable
CLI Undefined
GUI Undefined
ping 10.0.x.y
Select File > Save, and type
filename in the Filename field.
www.juniper.net
Additional Information
Education Services Offerings
You can obtain information on the latest Education Services offerings, course dates, and class
locations from the World Wide Web by pointing your Web browser to:
http://www.juniper.net/training/education/.
Technical Publications
You can print technical manuals and release notes directly from the Internet in a variety of formats:
Go to http://www.juniper.net/techpubs/.
Locate the specific software or hardware release and title you need, and choose the
format in which you want to view or print the document.
Documentation sets and CDs are available through your local Juniper Networks sales office or
account representative.
www.juniper.net
Additional Information ix
x Additional Information
www.juniper.net
Lab 1
Configuring and Monitoring OSPF
Overview
This lab demonstrates configuration and monitoring of the OSPF protocol. In this lab, you
use the command-line interface (CLI) to configure, monitor, and troubleshoot OSPF.
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample output from most commands.
By completing this lab, you will perform the following tasks:
www.juniper.net
Overload a router.
Step 1.2
Access the CLI on your student device using either the console, Telnet, or SSH as
directed by your instructor. Refer to the management network diagram for the IP
address associated with your student device. The following example uses a simple
Telnet access to srxA-1 with the Secure CRT program as a basis:
Step 1.3
Log in to the student device with the username lab using a password of lab123.
Note that both the name and password are case-sensitive. Enter configuration mode
and load the reset configuration file using the
load override /var/home/lab/ajer/reset.config command. After
the configuration has been loaded, commit the changes before proceeding.
www.juniper.net
Step 1.4
Navigate to the [edit routing-options] hierarchy and configure the router ID
on your router using the IP address assigned to the lo0 interface as the input value.
Step 1.5
Navigate to the [edit protocols ospf] hierarchy and configure the interfaces
necessary for OSPF Area 0. Refer to the network diagram as needed and remember
to include the loopback interface, lo0.0. On the ge-0/0/1 interface, use the
interface-type p2p option to speed up its adjacency time.
Step 1.6
Activate the configuration and quickly issue the run show ospf neighbor
command.
Question: Which neighbor states are shown for the
listed interfaces and why?
Step 1.7
Issue the run show ospf interface command to view the interface states.
Question: What are the states of the two ethernet
interfaces and what do they mean?
Step 1.8
Issue the run show ospf neighbor command again to verify the current OSPF
adjacency details.
Question: How many OSPF neighbors exist and what
are the states of those adjacencies?
www.juniper.net
STOP
Step 2.2
Associate a metric of 100 with the ge-0/0/2.0 interface. Activate the change and
reissue the run show ospf route command.
Question: What is the current metric associated
with the 172.20.66.0/30 OSPF route?
Step 2.3
Another method to view the metric of an interface is the show ospf interface
detail command. Issue a run show ospf interface ge-0/0/2.0
detail command to view its output.
Lab 14 Configuring and Monitoring OSPF
www.juniper.net
Step 2.4
Because we are using Gigabit Ethernet interfaces in the network, change the
reference-bandwidth to 10g. Activate the change and issue the run show
ospf route command to view the changes.
Question: What was the effect of setting the
reference-bandwidth to 10g?
Step 2.5
Configure your assigned device to function as an area border router (ABR), joining
Area 0 with a second area. Refer to the network diagram for the area and interface
details. When complete, activate the configuration changes using the commit
command.
Step 2.6
Issue the run show ospf neighbor command to verify the current OSPF
adjacency details.
Question: How many OSPF neighbors exist and what
are the states of those adjacencies?
Step 2.7
Verify reachability to the virtual router attached to your assigned device by pinging
its loopback address. Refer to your network diagram as necessary.
Question: Was the ping to your attached virtual
router successful?
Note
www.juniper.net
Step 2.9
From the second CLI session to your student device, telnet to your virtual routers
loopback address. Log in to the virtual router using the login information shown in
the following table:
Virtual Router Login Details
Student Device
Username
Password
srxA-1
a1
lab123
srxA-2
a2
lab123
srxB-1
b1
lab123
srxB-2
b2
lab123
srxC-1
c1
lab123
srxC-2
c2
lab123
srxD-1
d1
lab123
srxD-2
d2
lab123
www.juniper.net
Step 2.10
Verify reachability back to your student devices loopback address from the remote
virtual router. Be sure to source your ping from the correct virtual router routing
instance. Refer to the following table for your assigned instance name.
Note
Instance Name
srxA-1
vr111
srxA-2
vr112
srxB-1
vr113
srxB-2
vr114
srxC-1
vr115
srxC-2
vr116
srxD-1
vr117
srxD-2
vr118
Step 2.11
Issue a show route remote-virtual-router-loopback/32 table
instance-name command to view the route table data of the remote teams
virtual routers loopback address. Use the table from the previous step for the
instance name.
Question: What is the OSPF cost to reach the
remote virtual routers loopback address?
Step 2.12
Return to the CLI session on your SRX Series student device.
On the SRX Series student device, configure your device for OSPF overload mode
and activate the change.
www.juniper.net
Step 2.13
Return to the CLI session on your virtual router.
On your local virtual router, reissue the show route
remote-virtual-router-loopback/32 table instance-name
command.
Question: Did the metric change? If so, what did it
change to and why?
Step 2.14
Log out of the vr-device and then log out of student device. You can close this
second window because you will not need it anymore.
Step 2.15
Return to the CLI session on your SRX Series student device.
On the SRX Series student device, delete the overload setting and activate your
changes.
STOP
www.juniper.net
Step 3.3
This step is for both teams.
Define traceoptions for OSPF so that OSPF errors write to a file named
trace-ospf. Include the detail option with the error flag to capture
additional details of the OSPF errors. Activate the configuration change when
completed.
Step 3.4
This step is for both teams.
Issue the run show log trace-ospf command to view the contents written to
the trace-ospf trace file.
Question: Does the generated error in the trace file
explain the current OSPF adjacency issue?
Step 3.5
This step is for team 2 only.
Configure the ge-0/0/1.0 interface in Area 0 for OSPF MD5 authentication. Use a
password of juniper and a key-id of 1. Activate the changes when completed.
Step 3.6
This step is for both teams.
Issue a run show ospf neighbor command.
Question: Did the OSPF adjacency across the
ge-0/0/1.0 interface return to the Full state?
Step 3.7
This step is for both teams.
Deactivate traceoptions and delete the trace-ospf log file. Activate the
configuration and return to operational mode using the commit and-quit
command.
Step 3.8
Log out of your assigned device using the exit command.
www.juniper.net
STOP
www.juniper.net
Lab 2
Configuring and Monitoring OSPF Areas and Route
Summarization
Overview
This lab configures a stub area and a not-so-stubby (NSSA) area, and performs route
summarization. In addition, the stub area will be converted into a totally stubby area using
the no-summaries option.
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample output from most commands.
By completing this lab, you will perform the following tasks:
www.juniper.net
Step 1.2
Access the CLI on your student device using either the console, Telnet, or SSH as
directed by your instructor. Refer to the management network diagram for the IP
address associated with your student device. The following example uses a simple
Telnet access to srxA-1 with the Secure CRT program as a basis:
Step 1.3
Log in to the student device with the username lab using a password of lab123.
Note that both the name and password are case-sensitive. Enter configuration mode
and load the reset configuration file using the
load override /var/home/lab/ajer/lab2-start.config command.
After the configuration has been loaded, commit the changes before proceeding.
www.juniper.net
Step 1.4
Refer to the network diagram and configure the IP address on the ge-0/0/4.unit
interface for the stub area on your assigned device. Use the logical unit value as the
VLAN-ID value for this interface.
Step 1.5
Navigate to the [edit protocols ospf] hierarchy and configure the OSPF
stub area. Refer to the network diagram to ensure you use the correct area number
for your device .
Step 1.6
Activate the configuration and issue the run show ospf neighbor command.
Question: Did the new neighbor come up to a Full
state?
Step 1.7
Issue the run show ospf interface detail | find ge-0/0/4
command to see the difference between the non-stub area interface and the new
stub area interface.
Question: Is the new interface correctly set as
Stub?
Step 1.8
Issue the run show ospf database area area summary and run show
ospf database area area commands to see how many and what types of
link-state advertisements (LSAs) are contained in the OSPF database for your stub
area. Refer to the network diagram as needed for the correct stub area number.
Question: How many summary LSAs are in your stub
area?
Step 1.9
Convert your stub area to a totally stubby area using the no-summaries option
and activate your changes.
Step 1.10
Issue the run show ospf database area area summary and run show
ospf database area area commands again.
www.juniper.net
Step 1.11
Configure the router to inject a default route into the stub area by using the
default-metric option. Give this route a metric of 10 and activate your
changes.
Step 1.12
Issue the run show ospf database area area summary and run show
ospf database area area commands again.
Question: How many summary LSAs are now in your
stub area?
STOP
www.juniper.net
Step 2.4
Issue the run show ospf interface ge-0/0/4.unit detail command
to verify this interface is set as an NSSA interface.
Question: Is the new interface correctly set as an
NSSA interface?
Note
Step 2.6
Issue the run show ospf database external command to see external
LSAs contained in the OSPF database.
Question: Are the external LSAs that describe the
remote teams NSSA routes present?
www.juniper.net
Step 2.7
Each of the external NSSA destinations is represented by a /24 network. Choose
one of the remote teams destinations and issue a run show route
destination command for that destination.
Step 2.8
You will now summarize your four networks into one /22 network using the
area-range option. Ensure you set this command within the [edit protocols
ospf area area nssa] hierarchy of the configuration. Commit your changes
when completed and exit to operational mode.
Note
Step 2.10
Choose one of the remote teams destinations and issue a show route
destination command for that destination to verify the router is using the /22
summary route instead of the original /24 route.
Step 2.11
Log out of your assigned device using the exit command.
STOP
www.juniper.net
Lab 3
Configuring and Monitoring Routing Policy and Advanced
OSPF Options
Overview
In this lab, you will use the lab diagram titled Lab 3: Configuring and Monitoring Routing
Policy and Advanced OSPF Options to establish a multiarea OSPF routing domain. This
lab will require the configuration of a virtual link as backup to the backbone connection
and a multiarea adjacency as outlined in RFC 5185. The final part of this lab will require
routing policy to redistribute and advertise routes being received from a RIP network into
OSPF external link-state advertisements (LSAs).
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample output from most commands.
By completing this lab, you will perform the following tasks:
www.juniper.net
Configuring and Monitoring Routing Policy and Advanced OSPF Options Lab 31
11.a.11.4R1.6
Step 1.2
Access the CLI on your student device using either the console, Telnet, or SSH as
directed by your instructor. Refer to the management network diagram for the IP
address associated with your student device. The following example uses a simple
Telnet access to srxA-1 with the Secure CRT program as a basis:
Step 1.3
Log in to the student device with the username lab using a password of lab123.
Note that both the name and password are case-sensitive. Enter configuration mode
and load the reset configuration file using the
load override /var/home/lab/ajer/lab3-start.config command.
After the configuration has been loaded, commit the changes before proceeding.
Lab 32 Configuring and Monitoring Routing Policy and Advanced OSPF Options
www.juniper.net
Step 1.4
Navigate to the [edit protocols ospf] hierarchy. Establish the OSPF
adjacencies with the P1, P2, and R3 routers attached to your student device.
Configure OSPF Area 10 as a not-so-stubby area (NSSA) and advertise a default
route with a metric of 10. Do not forget the loopback address in Area 0. Commit the
configuration when complete.
Step 1.5
Use the run show ospf interface command to verify which interfaces are
participating in OSPF.
Question: How many interfaces are running OSPF?
Step 1.6
Use the run show ospf neighbor command to verify the establishment of the
OSPF adjacencies.
Question: Are all OSPF adjacencies established and
in the Full state?
Step 1.7
Verify that the routing table has connectivity to all devices in the OSPF domain. Use
the run show route protocol ospf table inet.0 | match /32
command to display only the host addresses.
Question: Is there an entry in the primary routing
table (inet.0) for all six loopback addresses
within the OSPF domain?
Step 1.8
Navigate to the [edit protocols ospf area 0.0.0.0] hierarchy. Create a
virtual link in OSPF Area 0 through Area 20 using the OSPF virtual-link
command. The virtual-link neighbor-id is the loopback address of your
partners student device. The virtual link should be used only as a backup in the
event of an P1 failure. This can be accomplished by setting the P2 interface in Area
20 to a metric of 10. Commit this configuration when completed.
Step 1.9
Use the run show ospf interface command to verify that the virtual link has
been established and that an adjacency has been formed.
www.juniper.net
Configuring and Monitoring Routing Policy and Advanced OSPF Options Lab 33
Step 1.10
Use the run show ospf neighbor command to verify that the virtual link has
established an adjacency.
Question: What is the adjacency state of the virtual
link interface?
Step 1.11
Use the run show route address/32 table inet.0 command to verify
that your partners default loopback address routes through the P1 router and not
through the virtual link. Refer to the network diagram as needed.
Question: Does the route to your partners loopback
address go through the P1 router or the virtual link?
Lab 34 Configuring and Monitoring Routing Policy and Advanced OSPF Options
www.juniper.net
Step 2.3
Use the run show ospf neighbor command to verify the establishment of an
OSPF Area 10 adjacency through the P1 router.
Question: How many OSPF adjacencies exist for
Area 0.0.0.10?
Step 2.4
Verify that the loopback address of your partners R3 virtual router is being routed
through the ge-0/0/14.0 interface toward your R3 virtual router. Use the run show
route address/32 table inet.0 command to display the path of the route.
Question: What is the primary path to your partners
virtual routers loopback address?
Step 2.5
Navigate to the [edit routing-instances instance-name protocols
ospf] hierarchy. The value of instance-name is the name of your remote virtual
router (either R3-1 or R3-2) depending on your assigned student device. Deactivate
your R3 virtual routers Area 10 interface connected to the P3 router. Commit the
configuration when completed.
Step 2.6
Issue the run show route address/32 table inet.0 command again to
verify the route to your partners remote virtual routers loopback address has
converged through the P1 router, thus using the multiarea adjacency.
Question: Did the route converge through the
multiarea adjacency?
Step 2.7
Navigate to the top of the configuration hierarchy. Use the rollback 1 command
to reactivate the interface between your R3 virtual router and the P3 router. Commit
the configuration when complete.
www.juniper.net
Configuring and Monitoring Routing Policy and Advanced OSPF Options Lab 35
Step 2.8
Verify that OSPF converged back to the primary path by displaying your partners
loopback address using the run show route address/32 table inet.0
command.
Question: Did the route converge back to your R3
virtual router?
STOP
Lab 36 Configuring and Monitoring Routing Policy and Advanced OSPF Options
www.juniper.net
Step 3.3
Use the run show route 0/0 exact table instance-name command to
verify your R3 virtual router has an OSPF default route that routes toward your
assigned student device.
Step 3.4
Navigate to the [edit policy-options policy-statement
export-default] hierarchy. Create a routing policy to advertise the OSPF
default route to the RIP router. Do not commit your changes at this time.
Note
www.juniper.net
Configuring and Monitoring Routing Policy and Advanced OSPF Options Lab 37
Step 3.8
Display the default route in the R3 routing table using the run show route 0/0
exact table instance-name command.
Note
Step 3.9
Using the external-preference option, set the external preference of OSPF to
90 (which is less than the RIP preference of 100) for the R3 virtual router. Commit
the changes when complete.
Step 3.10
Use the run show route advertising-protocol rip address table
instance-name command to verify that the default route is being advertised to
the P3 router. The address value will be 172.22.125.1 or 172.22.126.1 depending
on your assigned student device. Please refer to the network diagram as needed.
Note
Step 3.11
Navigate to the [edit policy-options policy-statement
import-rip-route] hierarchy. Create a policy to accept only the 20.20.0.0/21
RIP summary route from the P3 RIP router.
Step 3.12
Navigate to the [edit routing-instances instance-name] hierarchy and
apply the import-rip-route policy as an import policy under the P3 group in
protocols RIP. Commit the configuration when complete.
Lab 38 Configuring and Monitoring Routing Policy and Advanced OSPF Options
www.juniper.net
Step 3.13
Use the run show route receive-protocol rip address table
instance-name command to verify that RIP routes are being received from the
P3 router. The address value will be 172.22.125.2 or 172.22.126.2 depending on
your assigned student device. Verify that only the summary route is now being
received from the P3 RIP router.
Question: Is the RIP import policy working?
Step 3.14
Navigate to the [edit policy-options policy-statement
export-rip-route] hierarchy. Create a routing policy to redistribute the RIP
summary route into OSPF. Do not commit the configuration at this time.
Step 3.15
This step is to be performed by Team 1 only. Team 2 will perform the same step after
waiting two minutes from the time of this commit.
Navigate to the [edit routing-instances instance-name] hierarchy.
Before applying the policy as an OSPF export policy, protect the network from
unnecessary routes by configuring a prefix export limit of 1 using the
prefix-export-limit command within protocols ospf. Commit the
configuration when complete.
Step 3.16
This step is to be performed by Team 2 only after waiting two minutes from the
commit time of the previous step.
Navigate to the [edit routing-instances instance-name] hierarchy.
Before applying the policy as an OSPF export policy, protect the network from
unnecessary routes by configuring a prefix export limit of 1 using the
prefix-export-limit command within protocols ospf. Commit the
configuration when complete.
Step 3.17
Verify connectivity to the RIP network by performing a trace to the RIP router using
the redistributed RIP summary route. Use the run traceroute 20.20.1.1
routing-instance instance-name command to verify connectivity.
Note
www.juniper.net
Configuring and Monitoring Routing Policy and Advanced OSPF Options Lab 39
Step 3.18
Examine the OSPF Type 7 LSA to Type 5 LSA conversion between the OSPF NSSA
area and the OSPF backbone area. Use the run show ospf database area
10 nssa detail command to display the Type 7 LSAs and the run show ospf
database external detail command to display the Type 5 LSA.
Question: Which router created the Type 7 LSA for
the 20.20.0.0 prefix? Which ABR created the Type 5
external LSA for the 20.20.0.0 prefix? Why?
Step 3.19
Navigate to the [edit policy-options policy-statement
ospf-import] hierarchy. Create an OSPF import policy to block the RIP summary
route from being installed in the routing table from OSPF.
Step 3.20
Navigate to the [edit routing-instances instance-name] hierarchy and
apply the ospf-import policy as an import policy in OSPF. Commit the changes
when complete and return to operational mode.
Step 3.21
Verify that the OSPF import policy is working and that optimal routing is being
performed to the RIP network by using the traceroute 20.20.1.1
routing-instance instance-name command.
Question: Is the OSPF import policy working?
Step 3.22
Log out of your assigned device using the exit command.
STOP
Lab 310 Configuring and Monitoring Routing Policy and Advanced OSPF Options
www.juniper.net
Lab 4
Implementing BGP
Overview
In this lab, you will use the Lab 4 network diagrams to establish a BGP network. After
verifying the baseline OSPF topology, a full mesh of internal BGP (IBGP) sessions must be
established between all routers in your autonomous system (AS), AS 64700. The EBGP
neighboring routers are in AS 65510 and AS 65520. You will establish EBGP peering
sessions with the locally connected provider edge (PE) routers.
This lab will require the configuration of both IBGP and EBGP peering sessions.
The lab is available in two formats: a high-level format designed to make you think through
each step, and a detailed format that offers step-by-step instructions complete with
sample output from most commands.
By completing this lab, you will perform the following tasks:
www.juniper.net
Step 1.2
Access the CLI on your student device using either the console, Telnet, or SSH as
directed by your instructor. Refer to the management network diagram for the IP
address associated with your student device. The following example uses a simple
Telnet access to srxA-1 with the Secure CRT program as a basis:
Step 1.3
Log in to the student device with the username lab using a password of lab123.
Note that both the name and password are case-sensitive. Enter configuration mode
and load the reset configuration file using the
load override /var/home/lab/ajer/lab4-start.config command.
After the configuration has been loaded, commit the changes before proceeding.
Step 1.4
Use the run ping address rapid command to ping the far-end IP address of
each of the five interfaces attached to your student device. This action verifies that
each interface has been configured properly. Refer to your network diagram as
needed.
www.juniper.net
Step 1.5
Use the run show ospf interface and run show ospf neighbor
commands to confirm that OSPF has been configured properly and that adjacencies
have been established between neighboring routers.
Question: Are the adjacencies established between
your router and the two neighboring routers?
www.juniper.net
Step 2.4
Issue the run show route receive-protocol bgp peer-address
command, where peer-address is the loopback address of each IBGP peer.
Question: From which IBGP peers are you currently
receiving routes?
www.juniper.net
Step 2.5
Issue the run show route advertising-protocol bgp peer-address
command, where peer-address is the loopback address of each IBGP peer.
STOP
www.juniper.net
Do not proceed until the remote team finishes the previous step.
Step 3.2
Issue the run show bgp summary command to view the current BGP summary
information.
Question: How many BGP groups and peers does
your device currently list?
Step 3.3
View all of the routes received from the EBGP peers by issuing the run show
route aspath-regex "peer-as .*" command.
Question: Are the EBGP peers sending the exact
same routes to your router or are they sending
different routes?
Step 3.4
Use the run show route 0/0 exact extensive command to look at the
default route received from each EBGP peer to determine why your router is
choosing one of the routes over the other.
www.juniper.net
Step 3.5
Issue the run show route advertising-protocol bgp peer-address
command, where peer-address is the IP address value assigned to each of your
EBGP peers.
Step 3.6
Use the advertise-inactive option to override the default behavior and
advertise BGP routes that are not currently selected as active because of route
preference. Commit the changes when complete.
Step 3.7
Once again, issue the run show route advertising-protocol bgp
peer-address command, where peer-address is the IP address value
assigned to each of your EBGP peers, to determine whether your device is
advertising BGP routes to its external BGP peers.
www.juniper.net
Step 3.8
Navigate to the [edit routing-options] hierarchy and define aggregate
routes that represent the internal prefixes that are part of your AS. You will need to
summarize the 172.21.y.0/24, 172.22.y.0/24, 192.168.y.z/32 prefixes.
Step 3.9
Navigate to the [edit policy-options] hierarchy and define a new policy
named adv-aggregates that includes two terms. Name the first term
match-aggregate-routes. It should match and accept the aggregate routes.
Ensure that you match the aggregate protocol. Name the second term
deny-other. It should reject all other routes.
Step 3.10
Navigate to the [edit protocols bgp] hierarchy and apply the newly defined
policy as an export policy for the external BGP group named my-ext-group.
Commit the changes when complete.
Step 3.11
Verify the effects of the newly defined and applied policy by issuing the run show
route advertising-protocol bgp peer-address command, where
peer-address is the IP address value assigned to each of your EBGP peers.
Question: Is your device advertising all of the
expected aggregate prefixes?
www.juniper.net
Step 4.2
Display the 172.28.102.0/24 route using the run show route
172.28.102.0/24 detail command.
Question: How many advertisements have been
received for this route? Where did they come from?
Step 4.3
Use the BGP multipath option to install the EBGP routes with two equal cost
paths. Configure multipath in the my-ext-group BGP group. Commit your
configuration when complete.
Step 4.4
Display the 172.28.102.0/24 route again using the run show route
172.28.102.0/24 detail active-path command.
Question: How many next hops does the active
route now have installed?
Step 4.5
Use the run show route forwarding-table destination
172.28.102.0/24 command to view the packet forwarding table.
Question: Are the two routes to the EBGP peers
installed in the packet forwarding table?
www.juniper.net
Step 4.6
Navigate to the [edit policy-options policy-statement
pfe-load-balance] hierarchy. Under the pfe-load-balance policy, create a
term that only load-balances all BGP routes.
Step 4.7
After configuring the pfe-load-balance policy, apply it as an export policy under
the [edit routing-options forwarding-table] hierarchy. Commit the
changes.
Step 4.8
Use the run show route forwarding-table destination
172.28.102.0/24 command to verify that the forwarding table now has two
next-hop interfaces for the 172.28.102.0/24 route.
Question: Is the forwarding table using both
next-hop interfaces to reach the 172.28.102.0/24
route?
www.juniper.net
Step 5.4
Navigate to the [edit protocols bgp] hierarchy. Configure a single EBGP
neighbor under the my-ext-group BGP group using the loopback address of the
PE router as the neighbor and your own routers loopback address as the
local-address. Commit your configuration when complete.
Step 5.5
Check the state of the EBGP session using the run show bgp summary
command.
Question: What is the state of the EBGP peering
session? Why?
Step 5.6
To relax the EBGP requirement of physical interface peering and make it possible to
EBGP peer between loopback addresses, apply the multihop statement to the
my-ext-group BGP group. Commit your configuration when complete.
Step 5.7
Check the status of the EBGP session with the run show bgp summary
command.
Question: What is the state of the EBGP peering
session after the multihop command is
configured?
Step 5.8
Now that the EBGP peering session is established, use the run show route
receive-protocol bgp PE-loopback-address command to view the
routes being received from the P3 router.
Question: Are routes being received from the EBGP
peering session?
Step 5.9
Display the 172.28.102.0/24 route using the run show route
172.28.102.0/24 detail active-path command.
www.juniper.net
Step 5.10
Use the run show route forwarding-table destination
172.28.102.0/24 command to verify that the forwarding table now has two
next-hop interfaces for the 172.28.102.0/24 route.
Question: Is the forwarding table using both
next-hop interfaces to reach the 172.28.102.0/24
route? Why or why not?
Step 5.11
Exit configuration mode and log out of your assigned device using the exit
command.
STOP
www.juniper.net
Lab 5
BGP Attributes
Overview
This lab demonstrates configuration and manipulation of BGP path attributes. In this lab,
you use the command-line interface (CLI) to configure and manipulate BGP attributes.
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample output from most commands.
By completing this lab, you will perform the following tasks:
www.juniper.net
Step 1.2
Access the CLI on your student device using either the console, Telnet, or SSH as
directed by your instructor. Refer to the management network diagram for the IP
address associated with your student device. The following example uses a simple
Telnet access to srxA-1 with the Secure CRT program as a basis:
Step 1.3
Log in to the student device with the username lab using a password of lab123.
Note that both the name and password are case-sensitive. Enter configuration mode
and load the reset configuration file using the
load override /var/home/lab/ajer/lab5-start.config command.
After the configuration has been loaded, commit the changes before proceeding.
www.juniper.net
Step 2.2
Navigate to the [edit protocols bgp] hierarchy. Use the show command to
verify that the my-int-group group has been preconfigured as an IBGP session
with three peers.
Step 2.3
Configure a BGP group named my-ext-group that includes the single device
directly connected in the different AS as an EBGP peer. Use the connected address
of the device as your peering address. When you are satisfied with the newly defined
BGP configuration, issue the commit command to activate the changes.
Note
STOP
www.juniper.net
Step 3.2
Navigate to the [edit policy-options] configuration hierarchy. Create a
policy named nhs with one term that sets all routes to next-hop self. You can
name this term anything you like.
Step 3.3
Navigate back to the [edit protocols bgp] configuration hierarchy. Apply the
nhs policy to the my-int-group BGP group as an export policy. When you are
satisfied with the newly defined configuration, issue the commit command to
activate changes.
Note
STOP
Step 4.2
Issue a run show route advertising-protocol bgp peer-address
| match "^\* command to count how many routes are advertised to the EBGP
peer.
Lab 54 BGP Attributes
www.juniper.net
Step 4.3
Navigate to the [edit policy-options] hierarchy and create an AS path
regular expression named null-as that matches the null aspath-regex value.
Step 4.4
Create a policy named export-ebgp. This policy will contain two terms. Name the
first term local-routes and have it accept BGP routes that match the
aspath-regex named null-as created previously. Name the second term last
and set it to reject everything else.
Question: What is the default terminating action for
a routing policy in BGP?
Step 4.5
Navigate to the [edit protocols bgp] hierarchy. Apply the export-ebgp
policy as an export policy to the my-ext-group BGP group. When you are satisfied
with the newly defined policy configuration, issue the commit command to activate
the changes.
Step 4.6
Issue a run show route advertising-protocol bgp peer-address
| match "^\* command to determine which routes are advertised to the EBGP
peer after applying the export policy.
Question: lHow many routes are you now sending
to your EBGP peer?
STOP
www.juniper.net
www.juniper.net
Step 5.5
Log out of the vr-device.
STOP
www.juniper.net
Step 6.4
For verification, issue a run show route community
"65510|65520:1000" extensive | match "^[0-9]|Localpref"
command and ensure the correct routes get tagged with the correct local preference
value.
Question: Are the peers local routes getting the
right local preference based on the policy applied in
the previous steps?
STOP
Step 7.3
Navigate to the [edit policy-options] configuration hierarchy. Create a
community named no-export containing the well-known no-export community.
Step 7.4
Navigate to the [edit policy-options policy-statement
export-ebgp] configuration hierarchy. Create two new terms. Name one of the
terms adv-agg; it should match the aggregate routes and accept them. Name the
second term ne to set the community to the no-export community you created
previously. Using the then next term option, set an additional action in the ne
term.
www.juniper.net
Step 7.5
This step is to be performed by Team 1 only.
Insert the adv-agg term before the term named origin. Insert the ne term after
the adv-agg term. When you are satisfied with the newly defined configuration,
issue the commit and-quit command to activate the changes and exit to
operational mode.
Note
www.juniper.net
Step 7.9
From the vr-device, verify the routes originated from your local AS (64700) by issuing
a show route table ispY-X aspath-regex ".*64700$" command,
where X is the pod letter you are using (A,B,C, or D).
Question: Why does the number of routes
advertised from AS 64700 (6) differ from the
amount of routes ISP Y receives (two)?
Step 7.10
Log out of the vr-device using the exit command.
Step 7.11
Log out of your assigned device using the exit command.
STOP
www.juniper.net
Lab 6
Implementing Enterprise Routing Policies
Overview
This lab demonstrates implementation of enterprise routing policies. In this lab you will be
using BGP as a policy tool to achieve the goals of the lab. In this lab, you use the
command-line interface (CLI) to configure and manipulate configuration.
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample output from most commands.
By completing this lab, you will perform the following tasks:
www.juniper.net
Step 1.2
Access the CLI on your student device using either the console, Telnet, or SSH as
directed by your instructor. Refer to the management network diagram for the IP
address associated with your student device. The following example uses a simple
Telnet access to srxA-1 with the Secure CRT program as a basis:
Step 1.3
Log in to the student device with the username lab using a password of lab123.
Note that both the name and password are case-sensitive. Enter configuration mode
and load the reset configuration file using the
load override /var/home/lab/ajer/lab6-start.config command.
After the configuration has been loaded, commit the changes before proceeding.
www.juniper.net
Step 2.2
Navigate to the [edit protocols bgp] hierarchy. Configure a BGP group
named my-int-group that includes the other SRX Series device within your AS
as an internal BGP (IBGP) peer. Use the loopback address assigned to your device
as the local address and the remote loopback address of the remote device as the
neighbor address. When you are satisfied with the newly defined BGP configuration,
issue the commit command to activate the changes.
Step 2.3
Refer to the lab diagram and find your directly connected enterprise peer. Configure
a BGP group named my-ent-group that includes this single device. Using the
connected address of the device as your peering address, configure this device as
an EBGP peer. Do not forget to set the correct peer AS (either 65001 or 65002,
depending on your assigned device). When you are satisfied with the newly defined
BGP configuration, issue the commit command to activate the changes.
Step 2.4
Refer to the lab diagram and find your directly connected external peer. Configure a
BGP group named my-ext-group that includes this single device. Using the
connected address of the device as your peering address, configure this device as
an EBGP peer. Do not forget to set the correct peer AS (either 3356 or 813,
depending on your assigned device). When you are satisfied with the newly defined
BGP configuration, issue the commit command to activate the changes.
Note
STOP
www.juniper.net
www.juniper.net
www.juniper.net
Step 4.5
Remove the private AS when advertising the enterprise routes to the ISP. Use the
remove-private command under the my-ext-group. When you are satisfied
with the newly defined BGP configuration, issue the commit command to activate
the changes.
Step 4.6
Issue the run show route advertising-protocol bgp
ext-peer-address command to verify that no private AS numbers exist in the AS
path.
Question: Is the private AS value removed from the
advertisements?
Step 4.7
Note
Note
www.juniper.net
STOP
www.juniper.net
Step 6.1
Navigate to the [edit protocols bgp] hierarchy. Remove the import policy
named primary-secondary from the BGP group my-ext-group. When you
are satisfied with the newly defined BGP configuration, issue the commit command
to activate the changes.
Note
Step 6.3
This step is to be performed by Team 1 only.
Navigate to the [edit policy-options] hierarchy. Create a policy named
load-shared. In this policy, create a term named half that matches all prefixes
within 0.0.0.0/1 or longer. Set the action for the term half to raise the local
preference to 1000 and accept.
Step 6.4
This step is to be performed by Team 2 only.
Navigate to the [edit policy-options] hierarchy. Create a policy named
load-shared. In this policy, create a term named half that matches all prefixes
within 128.0.0.0/1 or longer. Set the action for the term half to raise the local
preference to 1000 and accept.
Step 6.5
Navigate back to the [edit protocols bgp] hierarchy. Apply the
load-shared policy as an import policy to the BGP group my-ext-group.
Note
www.juniper.net
Note
STOP
Step 7.5
Navigate to the [edit protocols bgp] hierarchy. Remove the export policy
from the my-ext-group BGP group. Set the export-load-shared policy as
an export policy for the my-ext-group BGP group. When you are satisfied with the
newly defined configuration, issue the commit command to activate the changes.
Step 7.6
For verification, issue the command run show route
advertising-protocol bgp ext-peer-address to view the routes
advertised to the ISP.
Question: How does this lab part accomplish a
load-shared design?
Step 7.7
Exit configuration mode and log out of your assigned device using the exit
command.
STOP
www.juniper.net
Lab 7
Implementing PIM-SM
Overview
This lab demonstrates configuration and monitoring of Internet Group Management
Protocol (IGMP) and Protocol Independent Multicast Sparse Mode (PIM-SM) on devices
running the Junos operating system using the any-source multicast (ASM) model. In this
lab, you use the command-line interface (CLI) to configure and monitor IGMP and PIM-SM.
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample output from most commands.
By completing this lab, you will perform the following tasks:
www.juniper.net
Step 1.2
Access the CLI on your student device using either the console, Telnet, or SSH as
directed by your instructor. Refer to the management network diagram for the IP
address associated with your student device. The following example uses a simple
Telnet access to srxA-1 with the Secure CRT program as a basis:
Step 1.3
Log in to the student device with the username lab using a password of lab123.
Note that both the name and password are case-sensitive. Enter configuration mode
and load the reset configuration file using the
load override /var/home/lab/ajer/lab7-start.config command.
After the configuration has been loaded, commit the changes and return to
operational mode before proceeding.
Step 1.4
Use the show configuration interfaces command to determine which
interfaces have been preconfigured for you.
www.juniper.net
Step 1.5
Use the show configuration protocols command to determine which
protocols have been preconfigured for you.
Question: Have any protocols been preconfigured?
If so, which protocols have been preconfigured?
Step 1.6
Verify that each interface has been configured properly by attempting to ping each of
the locally attached routers and hosts.
Question: Were all of the locally attached routers
and hosts reachable?
Step 1.7
Use the show ospf interface and show ospf neighbor commands to
confirm that OSPF has been configured properly and that adjacencies have been
established between neighboring routers.
Question: Are the adjacencies established between
your router and the two neighboring routers?
Step 1.8
To forward traffic from any given source in a PIM-SM network, each router must have
a route in its routing table associated with the source. Use the show route
172.18.120/24 command to determine whether a route to the source exists in
your devices routing table.
Question: Does the route to the source exist? How
was it learned?
www.juniper.net
STOP
www.juniper.net
Step 2.4
Issue the run show igmp group command to determine the groups that have
been learned from IGMP.
Question: Have any groups been learned on your
assigned device?
Step 2.5
From your assigned device, log in to the attached receiver using SSH, a username of
lab, and a password of lab123.
Step 2.6
Analyze the following table to determine the group that you will configure the
receiver to join.
Receivers
Groups
Pod A
224.7.7.121
Pod B
224.7.7.123
Pod C
224.7.7.125
Pod D
224.7.7.127
Step 2.7
Using the rptqual application, configure your receiver to generate IGMP reports for
the group listed in the table. Use the following example from srxA-1 as a guide:
[lab@CoS1 ~]$ ./rtpqual group-address 1111 rtp&
[1] 16231
[lab@CoS1 ~]$
Step 2.8
Log out of the receiver and return to the operational mode prompt of your student
device.
Step 2.9
Use the run show igmp group command to verify that your device is receiving
IGMP reports from the locally attached receiver.
www.juniper.net
Receivers
RP
Group
Pod A
srxA-1 (192.168.121.1)
224.7.7.121
Pod B
srxB-1 (192.168.121.1)
224.7.7.123
Pod C
srxC-1 (192.168.121.1)
224.7.7.125
Pod D
srxD-1 (192.168.121.1)
224.7.7.127
Step 3.3
This step is to be performed by Team 1 only.
Configure your device to be the RP for all multicast groups (224/4) using the
loopback address for the RP address. Commit your configuration when complete.
www.juniper.net
Step 3.4
This step is to be performed by Team 2 only.
Configure your device to use a static RP using the srxX-1 loopback address. Ensure
that srxX-1 will be the RP for all group addresses (224/4). Commit your
configuration when complete.
Step 3.5
Verify that the correct interfaces have been configured for PIM-SM by issuing the
run show pim interfaces command.
Question: Do all of the interfaces that you
configured for PIM-SM appear in the output of the
command?
Step 3.6
Verify that the correct RP has been configured on your router by issuing the run
show pim rps command.
Question: Is your router aware of any active RPs?
Step 3.7
Issue the run show pim join extensive command to determine the (S,G)
and (*,G) states of your router.
Question: How many states are associated with your
multicast group? Why?
www.juniper.net
Step 3.8
Verify that multicast traffic is being forwarded by your router by issuing the run
show multicast route extensive command.
Question: Is multicast traffic being forwarded by
your router? If so, at what rate is being forwarded?
STOP
www.juniper.net
Step 4.4
Issue the kill -9 pid command to kill the PID of the rtpqual application. Use the
following example as a guide:
[lab@CoS1 ~]$ kill -9 3286
Step 4.5
Analyze the following table to determine the new group that you will configure the
receiver to join.
Receivers
Groups
Pod A
224.7.7.122
Pod B
224.7.7.124
Pod C
224.7.7.126
Pod D
224.7.7.128
Step 4.6
Using the rtpqual application, configure your receiver to generate IGMP reports for
the group listed in the table. Use the following example from srxA-1 as a guide:
[lab@CoS1 ~]$ ./rtpqual group-address 1111 rtp&
[1] 3572
Step 4.7
Log out of the receiver and return to the operational mode prompt of your student
device.
Step 4.8
Using the show igmp group command, verify that your device is receiving IGMP
reports from the locally attached receiver.
Question: Is your router receiving IGMP reports for
any new groups? If so, for which groups?
www.juniper.net
Step 4.9
One requirement of a PIM-SM network with a BSR is that at least one RP and at
least one BSR must exist in the network. Analyze the following table to determine
the RP and BSR for your multicast group.
Receivers
RP/BSR
Group
Pod A
srxA-2 (192.168.122.1)
224.7.7.122
Pod B
srxB-2 (192.168.122.1)
224.7.7.124
Pod C
srxC-2 (192.168.122.1)
224.7.7.126
Pod D
srxD-2 (192.168.122.1)
224.7.7.128
Step 4.10
This step is to be performed by Team 2 only.
Enter configuration mode and navigate to the [edit protocols pim]
hierarchy. Using the srxX-2 loopback address for the RP address, configure srxX-2 to
be the RP and BSR for your multicast group only as indicated in the previous steps
table. Also, configure the BSR priority to a value of 50. Commit your configuration
and exit to operational mode.
Question: Why do you think that there is no need to
add any RP-related configuration to the non-RP and
non-BSR routers?
Step 4.11
Verify that a BSR has been elected using the show pim bootstrap command.
Note
www.juniper.net
Step 4.12
Verify that the correct RP has been configured on your router by issuing the show
pim rps command.
Question: Is your router aware of any active RPs?
Step 4.13
Use the show pim join extensive command to determine the (S,G) and
(*,G) states of your router.
Question: How many states are associated with your
multicast group? Why?
Step 4.14
Verify that multicast traffic is being forwarded by your router by issuing the show
multicast route extensive command.
Question: Is multicast traffic being forwarded by
your router? If so, at which rate is it being
forwarded?
www.juniper.net
Step 4.15
Log out of your assigned device using the exit command when complete.
STOP
www.juniper.net
Lab 8
Implementing SSM
Overview
This lab demonstrates configuration and monitoring of Internet Group Management
Protocol (IGMP) and Protocol Independent Multicast Sparse Mode (PIM-SM) on devices
running the Junos operating system using the source-specific multicast (SSM) model. In
this lab, you use the command-line interface (CLI) to configure and monitor IGMP,
PIM-SM, and general SSM behavior.
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample output from most commands.
By completing this lab, you will perform the following tasks:
www.juniper.net
Verify the flow of multicast traffic through the SSM modeled network using
various group addresses.
Step 1.2
Access the CLI on your student device using either the console, Telnet, or SSH as
directed by your instructor. Refer to the management network diagram for the IP
address associated with your student device. The following example uses a simple
Telnet access to srxA-1 with the Secure CRT program as a basis:
Step 1.3
Log in to the student device with the username lab using a password of lab123.
Note that both the name and password are case-sensitive. Enter configuration mode
and load the reset configuration file using the
load override /var/home/lab/ajer/lab8-start.config command.
After the configuration has been loaded, commit the changes and return to
operational mode before proceeding.
Step 1.4
From your device, log in to the attached receiver using SSH with a username of lab
and a password of lab123.
lab@srxA-1> ssh lab@receiver-ip-address
lab@10.1.1.2's password:
Last login: Fri Mar 8 07:48:07 2011 from 10.1.1.1
[lab@CoS1 ~]$
www.juniper.net
Step 1.5
Issue the ps -ef | grep rtpqual command to determine the process ID (PID)
of any rtpqual instances that might still exist from the previous lab or classes. Use
the following example as a guide:
[lab@CoS1 ~]$ ps -ef | grep rtpqual
lab
3572
1 0 07:50 ?
lab
3714 3683 0 08:47 pts/0
Step 1.6
Issue the kill -9 pid command to kill all of the PIDs of any currently running
rtpqual application instances. Use the following example as a guide:
[lab@CoS1 ~]$ kill -9 3572
Step 1.7
Log out of the receiver and return to the operational mode prompt of your student
device.
[lab@CoS1 ~]$ exit
logout
Connection to 10.1.1.2 closed.
lab@srxA-1>
Note
Step 2.3
Analyze the following table to determine the source and group combinations that
you will configure your receiver to join. You might find it beneficial to write your
values down because you will refer to them several times over the following steps.
Receivers
Source, Groups
Pod A
Pod B
Pod C
Pod D
Step 2.4
From your device, log in to the attached receiver using SSH with a username of lab
and a password of lab123.
lab@srxA-1> ssh lab@receiver-ip-address
lab@10.1.1.2's password:
Last login: Fri Mar 18 07:48:07 2011 from 10.1.1.1
[lab@CoS1 ~]$
Step 2.5
Using the rtpqual application, configure your receiver to generate IGMP reports
for the source and group combinations listed in the table. Use the following example
as a guide:
[lab@CoS1 ~]$ ./rtpqual 224.22z.1.1 1111 rtp&
[1] 3789
[lab@CoS1 ~]$ ./rtpqual 232.22z.2.2 1111 rtp&
[2] 3792
[lab@CoS1 ~]$ ./rtpqual 172.18.120.y@232.22z.3.3 1111 rtp&
[3] 3793
www.juniper.net
Step 2.6
Log out of the receiver and return to the operational mode prompt of your student
device. You might see output streaming from the rtpqual application. This is okay;
simply issue the exit command and press the Enter key.
[lab@CoS1 ~]$ exit
Connection to 10.1.1.2 closed.
lab@srxA-1>
Step 2.7
Issue the show igmp group command to verify that your device is receiving IGMP
reports from the locally attached receiver.
Question: Is your router receiving IGMP reports for
all three of the new groups?
Step 2.8
Issue the show igmp statistics command and determine whether any
IGMPv3 report errors have been logged.
Question: Has your router noticed any IGMP report
errors? Why or why not?
www.juniper.net
www.juniper.net
Step 4.5
Issue the show pim join extensive command, verify that an SPT has been
built from source to receiver for all three multicast groups.
Question: Have PIM Join messages been sent
upstream toward the source for each of the three
multicast groups? Is this the expected behavior?
Step 4.6
Issue the show multicast route extensive command to determine
whether multicast data is being forwarded by your router for all three multicast
groups.
Question: Is multicast traffic being forwarded by
your router for all three groups?
Step 4.7
Log out of your assigned device using the exit command when complete.
STOP
www.juniper.net
www.juniper.net
Lab 9
Implementing CoS Features in the Enterprise
Overview
This lab demonstrates the implementation and testing of various class-of-service (CoS)
components in a network. In this lab, you use the CLI to configure and manipulate
configuration.
The lab is available in two formats: a high-level format designed to make you think through
each step and a detailed format that offers step-by-step instructions complete with
sample output from most commands.
By completing this lab, you will perform the following tasks:
www.juniper.net
Part 1: Loading the Initial Configuration and Accessing the CoS Host
In this lab part, you use two CLI sessions to accomplish the labs goals. You will first
log in to your assigned SRX Series student device in the same manner as for
previous labs. Next, you will open a second session to your assigned student device
and then SSH from there to the CoS end-host device.
Step 1.1
Ensure that you know to which student device you have been assigned. Check with
your instructor if you are not certain. Consult the management network diagram to
determine the management address of your student device.
Question: What is the management address
assigned to your station?
Step 1.2
Access the CLI on your student device using either the console, Telnet, or SSH as
directed by your instructor. Refer to the management network diagram for the
IP address associated with your student device. The following example uses a
simple Telnet access to srxA-1 with the Secure CRT program as a basis:
Step 1.3
Log in to the student device with the username lab using a password of lab123.
Note that both the name and password are case-sensitive. Enter configuration mode
and load the reset configuration file using the
load override /var/home/lab/ajer/lab9-start.config command.
After the configuration has been loaded, commit the changes before proceeding.
Step 1.4
Open a second session to your assigned student device and log in with the
username lab using a password of lab123. From that session, log in to the
attached CoS host using SSH with a username of lab and a password of lab123.
Refer to the lab diagram as needed.
www.juniper.net
Note
Step 2.3
Navigate to the [edit class-of-service] configuration hierarchy. Create a
DiffServ code point (DSCP) behavior aggregate classifier named BA-class. In this
classifier, import the default DSCP classification.
Step 2.4
Within the BA-class classifier created in the previous step, match on code points
ef and cs5 for forwarding-class expedited-forwarding. Set the loss priority to low.
Question: What is the purpose of the DSCP class
selector (CS) per-hop behavior group?
Step 2.5
Apply the BA-class behavior aggregate classifier to all gigabit interfaces on your
assigned student device. When complete, issue the commit command to activate
the changes.
www.juniper.net
Step 2.6
Issue the run clear interfaces statistics all command to clear the
statistics for all interfaces.
Step 2.7
Return to the CLI session on your CoS host.
On the CoS host, secure copy (scp) a file named smallfile.txt in a folder called
lab7files from the other teams host to your local directory. Use the scp
cosZ:lab7files/smallfile.txt smallfile.txt command, where Z is
the number (1 or 2) of the other team, to complete this step.
Note
www.juniper.net
Step 3.3
Insert the new http-dst term before the term scp in the MF-class filter. When
complete, issue the commit command to activate the changes.
Step 3.4
Create a policer named voice-overflow. Set the policers action to
forwarding-class best-effort and loss-priority high if the bandwidth exceeds
3 megabits. In addition, set a burst size limit of 640 kilobytes for this policer.
Step 3.5
Within the MF-class firewall filter, create a new term named voip-limit that
matches traffic with the DSCP class ef. Set the action of the term to then
policer voice-overflow.
Step 3.6
Insert the new voip-limit term before the term scp in the MF-class filter.
When complete, issue the commit command to activate the changes.
Question: Why is it important to rate-limit
high-priority traffic on an SRX Series device?
www.juniper.net
Name
Criteria
be
ef
af
nc
data
transmit-rate percent 20
priority low
priority high
buffer-size percent 20
priority medium-high
transmit-rate percent 5
priority low
transmit-rate percent 20
priority medium-high
Step 4.2
Navigate to the [edit class-of-service drop-profiles] configuration
hierarchy. Create a drop profile named aggressive with the criteria listed in the
following table:
Drop-Profile
aggressive
Criteria
fill-level 30 drop-probability 40
fill-level 80 drop-probability 60
Step 4.3
Navigate to the [edit class-of-service scheduler-maps] configuration
hierarchy. Create a scheduler-map named my-sched-map with the mappings
listed in the following table:
www.juniper.net
Scheduler-Map
my-sched-map
Mappings
forwarding-class best-effort
scheduler be
forwarding-class
expedited-forwarding scheduler ef
forwarding-class assured-forwarding
scheduler af
forwarding-class network-control
scheduler nc
Step 4.7
Navigate to the [edit class-of-service] configuration hierarchy. Apply the
scheduler-map my-sched-map to interface ge-0/0/1. Issue the commit
command to activate the changes.
www.juniper.net
Step 4.8
Issue the command run clear interfaces statistics all to clear the
interface statistics for all interfaces.
Step 4.9
Return to the CLI session on your CoS host.
On the CoS host, run the gendata.sh command again. As before, allow the script
to finish before proceeding.
Step 4.10
Return to the CLI session on your SRX Series student device.
On the SRX Series device, issue the run show interfaces ge-0/0/1
extensive | find "Queue counters" command to view the current queue
counters.
Question: How many drops do you see in the
expedited-forwarding queue now?
Step 4.11
Issue the run show interfaces queue ge-0/0/1 forwarding-class
best-effort command to view details about the best-effort queue.
Question: How many high-priority random early
detection (RED)-dropped packets does the router
display?
www.juniper.net
Step 5.4
Return to the CLI session on your CoS host.
On the CoS host, issue the sudo /usr/sbin/tshark -w icmp.cap -ni
eth1 -c 10 dst host srx command. Use lab123 for a password when
prompted.
Let the command run, and proceed to the next step.
Step 5.5
Return to the CLI session on your SRX Series student device.
On the SRX Series device, ping the other teams CoS host from your SRX Series
device. Set the ToS byte to 96 and only send 10 pings. Refer to the network diagram
as needed.
Note
Step 5.7
Using the exit command, log out of the CoS host and then log out of your second
SRX Series CLI session.
Step 5.8
Return to the CLI session on your SRX Series student device.
On the SRX Series device, navigate to the top hierarchy and issue the load
override ajer/reset.config command to load the reset configuration file.
Commit the changes, return to operational mode, and then log out of your assigned
device.
www.juniper.net
STOP
www.juniper.net
Lab 10
BGP Route Reflection
Overview
Within a local autonomous system (AS) topology, the internal BGP (IBGP) peers are fully
meshed to prevent routing loops from forming. A fully meshed network inherently has
scalability issues, which include the explicit configuration of all IBGP peer with the
addition of a new router. One method to alleviate the full mesh requirement and still
ensure a loop-free BGP topology is route reflection. Route reflection provides a
loop-detection mechanism within IBGP to allow IBGP routes to be readvertised to other
IBGP peers.
In this lab, you use the lab diagrams titled Lab 10: BGP Route ReflectionParts 12,
Lab 10: BGP Route ReflectionPart 3, and Lab 10: BGP Route ReflectionPart 4 to
configure and monitor BGP route reflection.
By completing this lab, you will perform the following tasks:
www.juniper.net
Step 1.2
Access the CLI on your student device using either the console, Telnet, or SSH as
directed by your instructor. Refer to the management network diagram for the
IP address associated with your student device. The following example uses a
simple Telnet access to srxA-1 with the Secure CRT program as a basis:
Step 1.3
Log in to the student device with the username lab using a password of lab123.
Note that both the name and password are case-sensitive. Enter configuration mode
and load the reset configuration file using the
load override /var/home/lab/ajer/lab10-start.config command.
After the configuration has been loaded, commit the changes before proceeding.
www.juniper.net
Step 3.1
Navigate to the [edit protocols bgp] hierarchy and issue the show
command to view the current BGP configuration for your student device.
Step 3.2
Delete the my-int-group group and create a new group named
my-mesh-group. Configure the my-mesh-group group as a standard IBGP
session with only one neighborthe other route reflectors loopback address. Do not
forget the type and local-address statements.
Step 3.3
Navigate to the [edit protocols bgp group rr-cluster] hierarchy.
Configure the rr-cluster group as an IBGP group that includes the loopback
addresses of your two locally attached virtual routers as neighbors. Do not forget the
type and local-address statements. However, do not include the cluster
statement at this time.
Step 3.4
Navigate to the [edit routing-instances C1 protocols bgp] hierarchy.
Issue the show command to view the current BGP configuration for the C1 virtual
router.
Step 3.5
Within the my-int-group group, delete all neighbors except for the locally
attached route-reflector loopback address.
Step 3.6
Navigate to the [edit routing-instances C2 protocols bgp] hierarchy.
Issue the show command to view the current BGP configuration for the C2 virtual
router.
Step 3.7
Within the my-int-group group, delete all neighbors except for the locally
attached route-reflector loopback address. Refer to your lab diagram as needed.
When complete, issue the commit command to activate your changes.
Note
www.juniper.net
Step 3.9
Navigate to the [edit protocols bgp group rr-cluster] hierarchy. Use
the cluster statement to configure the cluster ID as shown on your lab diagram.
When complete, issue the commit command to activate your changes.
Note
Step 3.11
Issue a run show route prefix/24 table C1.inet.0 detail
command, where prefix is the route advertised from your local C2 virtual router.
Question: What do you notice about the AS path
information?
Step 3.12
Issue a run show route prefix/24 table C1.inet.0 detail
command, where prefix is the route advertised from the remote C1 virtual router.
Question: What is the cluster list value for this
route?
www.juniper.net
Step 4.3
Verify IGP connectivity by issuing the
run ping local-C3-loopback-address rapid command.
Question: Was the ping successful?
Step 4.4
Navigate to the [edit protocols bgp group rr-cluster] hierarchy. Add
your local C3 routers loopback address as a neighbor in the rr-cluster group.
Step 4.5
Navigate to the [edit routing-instances C3 routing-options]
hierarchy. Configure the AS number as shown on your lab diagram.
www.juniper.net
Step 4.6
Navigate to the [edit routing-instances C3 protocols bgp] hierarchy.
Create an IBGP group named my-int-group. This group should contain a single
neighbor of your locally attached route reflectors loopback address. A policy named
static-to-bgp has been preconfigured for you. Export this policy in your
my-int-group. Also, do not forget the type and local-address statements.
When complete, issue the commit command to activate your changes.
Step 4.7
Issue the run show bgp summary instance C3 command to verify your new
IBGP peering session is established.
Note
Step 4.9
Navigate to the top hierarchy level and issue the
load override /var/home/lab/ajer/reset.config command to load
the reset configuration file. Commit the changes, return to operational mode, and
then log out of your assigned device.
STOP
www.juniper.net
www.juniper.net
A2 Lab Diagrams
www.juniper.net
www.juniper.net
Lab Diagrams A3
A4 Lab Diagrams
www.juniper.net
www.juniper.net
Lab Diagrams A5
A6 Lab Diagrams
www.juniper.net
www.juniper.net
Lab Diagrams A7
A8 Lab Diagrams
www.juniper.net
www.juniper.net
Lab Diagrams A9
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net
www.juniper.net