(data center) - inetzero · pdf filefor juniper networks ® - jncie-dc 2017 lab exam . ......

http://www.inetzero.com-Copyright2017iNETZERO.AllrightsreservedForpersonalnoncommercialuseonly–donotdistribute-SteganoID=OFF

JNCIE-DC

Labworkboo

k:In

trod

uctio

n

1

1 iNETZERO–JNCIE-DC(DATACENTER)WORKBOOKv1.0(DEMO)

iNET ZERO - JNCIE-DC (DATA CENTER)

Lab preparation workbook

V1.0 (DEMO)

For Juniper Networks ® - JNCIE-DC 2017 Lab exam


JNCIE-DC

Labworkboo

k:In

trod

uctio

n

2


ContentsIntroduction...............................................................................................................................................13

AboutTheAuthors.................................................................................................................................13

Copyrightandlicensinginformation......................................................................................................15

Disclaimer...............................................................................................................................................15

HowToUseThisBook............................................................................................................................16

Targetaudience......................................................................................................................................16

Examstrategy.........................................................................................................................................17

JNCIE-DCHallofFame............................................................................................................................19

Workbookandconfigurationfileupdates.............................................................................................19

Chapter1:Layer2Underlay.......................................................................................................................20

VirtualChassisFabric..............................................................................................................................21

LAG.........................................................................................................................................................24

MC-LAG..................................................................................................................................................25

Part1:MC-LAG.......................................................................................................................................30

Task1.1:ToRconfiguraton.................................................................................................................31

Task1.2:MC-LAGpeers:server-facingconfiguration........................................................................31

Task1.3:MC-LAGpeers:core-facingconfiguration...........................................................................31

Task1.4:vMXLAGconfiguration.......................................................................................................31

Task1.5:vMXMC-LAGconfiguration.................................................................................................32

Task1.6:vMXMC-LAGgatewayconfiguration..................................................................................32

Part2:MultistageMC-LAG.....................................................................................................................33

Task1.7:DC1LAG...............................................................................................................................35

Task1.8:DC1MultistageMC-LAG......................................................................................................35

Task1.9:DC1GatewayandOSPFconfiguration................................................................................35

Task1.10:DC1security......................................................................................................................36

Task1.11:DC2LAGandMC-LAGconfiguration.................................................................................36

Task1.12:DC2Gateway,VRRPandOSPFconfiguration....................................................................36

Task1.13:MC-LAGverification..........................................................................................................37

Part3:VCF..............................................................................................................................................38

Task1.14:VCFconfiguration..............................................................................................................39


JNCIE-DC

Labworkboo

k:In

trod

uctio

n

3


Task1.15:VCFfeatures......................................................................................................................39

Task1.16:DeconstructingtheVCF.....................................................................................................39

Task1.17:AutoprovisioningaVCF.....................................................................................................39

Task1.19:VCFVLANandinterfaceconfiguration..............................................................................39

Chapter2:CLOSIPFabric...........................................................................................................................40

Part1:EBGP-basedClosIPFabric..........................................................................................................43

Task2.1:CorenetworkBGPconfiguration1......................................................................................45

Task2.2:CorenetworkBGPconfiguration2......................................................................................45

Task2.3:ISPuplinkconfiguration......................................................................................................45

Task2.4:IP-FabricBGPcustomerconfiguration................................................................................45

Task2.5:Server100-110internetfeed..............................................................................................46

Task2.6:Server113-115configuration..............................................................................................46

Task2.7:IP-Fabriccustomerpolicyconfiguration..............................................................................46

Task2.8:IP-Fabriccustomerpolicyconfiguration..............................................................................46

Task2.9:ISPpolicyconfiguration.......................................................................................................46

Part2:IBGP-basedClosIPFabric...........................................................................................................47

Task2.10:IGPconfiguration..............................................................................................................49



Task2.13:IPv4IBGPconfiguration.....................................................................................................49

Task2.14:IPv6IBGPconfiguration.....................................................................................................49

Task2.15:Server101-110.................................................................................................................49

Task2.16:EBGPconfiguration...........................................................................................................49

Task2.17:LocalASadvertisement.....................................................................................................50

Task2.18:BGPRIBconfiguration.......................................................................................................50

Task2.19:AS65000customers...........................................................................................................50

Task2.20:IP-Transitpolicyconfiguration..........................................................................................50

Chapter3:ControllerlessOverlay..............................................................................................................51

VXLAN.................................................................................................................................................51

EVPN...................................................................................................................................................52

Thecontrollerlessoverlay......................................................................................................................55

Part1:AbasicEBGP-basedoverlaynetwork.........................................................................................58


JNCIE-DC

Labworkboo

k:In

trod

uctio

n

4


Task3.1:ConfiguretheEBGPunderlay..............................................................................................59

Task3.2:EBGPunderlayoptimization................................................................................................59

Task3.3:IBGPoverlayconfiguration..................................................................................................59

Task3.4:ConfigureQFXswitch-levelEVPN........................................................................................59

Task3.5:VXLANsegmentconfiguration............................................................................................59

Task3.6:Active-activemultihoming..................................................................................................59

Task3.7:ConfigurevMXvirtual-switch-levelEVPN...........................................................................60

Task3.8:Redundantlayer3VXLANgatewayconfiguration..............................................................60

Task3.9:Inter-VXLANrouting............................................................................................................60

Part2:IBGP-basedoverlaynetwork......................................................................................................61


Task3.11:IGPoptimization................................................................................................................62

Task3.12:IBGPconfiguration............................................................................................................62

Task3.13:ConfigureQFXswitch-levelEVPN.....................................................................................62

Task3.14:VXLANsegmentconfigurationandactive-activemultihoming........................................62

Task3.15:VXLANsegmentconfigurationforVNI101......................................................................62

Task3.16:AdditionalVXLANsegmentconfiguration........................................................................63

Task3.17:MXvirtual-switchwithselectiveVXANimport.................................................................63

Task3.18:Layer3VXLANgatewayconfiguration.............................................................................63



Part3:IPfabricandcontrollerlessoverlay.............................................................................................65

Task3.21:EBGPfortheIP-Fabric.......................................................................................................67

Task3.22:CompletingtheIP-Fabric...................................................................................................67

Task3.23:Controllerlessoverlay........................................................................................................67

Task3.24:Expandingthecontrollerlessoverlay................................................................................67

Task3.25:IP-Fabricroutingpolicies...................................................................................................68

Chapter4:DataCenterInterconnect.........................................................................................................69

MPLSandLabeldistributionprotocols...................................................................................................69

MPLSL3VPN...........................................................................................................................................71

MPLSEVPN.............................................................................................................................................72

DataCenterInterconnecttypes.............................................................................................................73


JNCIE-DC

Labworkboo

k:In

trod

uctio

n

5


Part1:MPLSandMPLSL3VPN...............................................................................................................77

Task4.1:IGPconfiguration.................................................................................................................79

Task4.2:LDPconfiguration................................................................................................................79

Task4.3:MPLSLSPoptionsconfiguration..........................................................................................79

Task4.4:BGPconfiguration...............................................................................................................79

Task4.5:MPLSL3VPNiNET-BLUE......................................................................................................79

Task4.6:MPLSL3VPNiNET-GREEN....................................................................................................80

Task4.7:MPLSL3VPNiNET-RED........................................................................................................80

Part2:MPLS,MPLSL3VPNandEVPN....................................................................................................81

Task4.8:RSVPconfiguration..............................................................................................................83

Task4.9:RSVPLSPconfiguration.......................................................................................................83

Task4.10:BGPconfiguration.............................................................................................................83

Task4.11:EVPNiNET-PURPLE............................................................................................................83

Task4.12:EVPNiNET-BLUE................................................................................................................83

Task4.13:EVPNiNET-GREEN.............................................................................................................83

Task4.14:EVPNiNET-RED..................................................................................................................84

Part3:MPLSL3VPNandVLAN-awareEVPN..........................................................................................85

Task4.16:EVPNnorthconfiguration.................................................................................................87

Task4.17:EVPNsouthconfiguration.................................................................................................87

Task4.18:EVPNmultihoming............................................................................................................87

Task4.19:VLAN-basedEVPNconfiguration.......................................................................................88

Part4:controllerlessoverlayandEVPNDCI..........................................................................................89

Task4.20:DC1Controllerlessoverlaypart1:routingandsignaling..................................................90

Task4.21:DC1Controllerlessoverlaypart2:theoverlay..................................................................90

Task4.22:DC2Controllerlessoverlaypart1:theunderlay...............................................................90

Task4.23:DC2Controllerlessoverlaypart2:theoverlay..................................................................90

Task4.24:EVPNstitching...................................................................................................................91

Chapter5:Security.....................................................................................................................................92

Controlplaneprotection........................................................................................................................93

Dataplaneprotection............................................................................................................................94

StatefulfirewallingandSRXconfiguration.............................................................................................95

Simplifiedflowmodule.Screenoptions,ALGandNGFWarenotdisplayed.............................................95


JNCIE-DC

Labworkboo

k:In

trod

uctio

n

6


Part1:Securingthedatacenter.............................................................................................................97

Task5.1:vSRXzoneandinterfaceconfiguration...............................................................................98

Task5.2:vSRXpolicyconfiguration....................................................................................................98

Task5.3:vSRXNAT.............................................................................................................................98

Task5.4:vSRXScreens.......................................................................................................................99

Task5.5:vSRXREprotection..............................................................................................................99

Task5.6:Limitingbandwidthusingastatelessfirewallfilter.............................................................99

Chapter6:ClassofService.......................................................................................................................100

Part1:CoSinsidethedatacenter.........................................................................................................104

Task6.1:Forwardingclasses............................................................................................................105

Task6.2:Scheduling.........................................................................................................................105

Task6.3:WRED................................................................................................................................105

Task6.4:BAclassifiers......................................................................................................................106

Task6.5:Rewriterules.....................................................................................................................106

Task6.6:TrafficclassificationonvQFX3andvQFX4........................................................................106

Task6.6:TrafficclassificationonvQFX5...........................................................................................106

Chapter7:Management..........................................................................................................................107

Onboxscripts.......................................................................................................................................107

JunosSpace..........................................................................................................................................108

ZeroTouchProvisioning.......................................................................................................................109

NETCONF..............................................................................................................................................110

Task7.1:ZeroTouchProvisioning(ZTP)...........................................................................................113

Task7.2:PythonusingNetconf........................................................................................................113

Task7.3:JunosSpace.......................................................................................................................113

Task7.4:Onboxscripting1.............................................................................................................114



Superlab...................................................................................................................................................116

SuperlabTopology................................................................................................................................118

SuperlabChapter1:Devicemanagement............................................................................................119


Task1.2:JunosSpace......................................................................................................................119


JNCIE-DC

Labworkboo

k:In

trod

uctio

n

7


Task1.3:OnBoxscripting...............................................................................................................119

Task1.4:Netconf.............................................................................................................................119

SuperlabChapter2:Underlay..............................................................................................................120

Task2.1:MultiChassisLinkAggregation(MC-LAG)........................................................................120

Task2.2:Layer2underlayconfiguration........................................................................................120

Task2.3:Layer2underlayfeatures.................................................................................................120

Task2.4:BUMtraffichandling........................................................................................................121

Task2.5:Layer2redundancy..........................................................................................................121

Task2.6:Layer3UnderlayMAINDC..............................................................................................121

Task2.7:Layer3underlayrouting..................................................................................................121

Task2.8:eBGPunderlay..................................................................................................................122

SuperlabChapter3:ControllerlessOverlay.........................................................................................123

Task3.1:EVPNoverlayconfiguration...............................................................................................123

Task3.2:EVPN/VLANserviceconfiguration.....................................................................................123

Task3.3:EVPN/VXLANservicetuning..............................................................................................123

Task3.4:EVPNsignaling...................................................................................................................124

SuperlabChapter4:DataCenterInterconnect....................................................................................125

Task4.1:DCIconfiguration..............................................................................................................125

Task4.2:DC1redundancy................................................................................................................128

Task4.3:(Inter)DataCenterconnectivity........................................................................................128

Task4.4:DataCenterconnectivitytoexternalserver.....................................................................128

SuperlabChapter5:Security................................................................................................................129

Task5.1:Userauthenticationandautorisation...............................................................................129

Task5.2:SRXConfiguration..............................................................................................................129

Task5.3:REprotection.....................................................................................................................129

SuperlabChapter6:ClassofService....................................................................................................130


Task6.2:Schedulersandtrafficprofiles...........................................................................................130

Task6.3:Policing..............................................................................................................................130

AppendixChapter1:Layer2Underlay.....................................................................................................131

Part1:MC-LAG.....................................................................................................................................131

Task1.1:ToRconfiguraton...............................................................................................................132


JNCIE-DC

Labworkboo

k:In

trod

uctio

n

8


Task1.2:MC-LAGpeers:server-facingconfiguration......................................................................136

Task1.3:MC-LAGpeers:core-facingconfiguration.........................................................................145

Task1.4:vMXLAGconfiguration.....................................................................................................147

Task1.5:vMXMC-LAGconfiguration...............................................................................................153

Task1.6:vMXMC-LAGgatewayconfiguration................................................................................161

Part2:MultistageMC-LAG...................................................................................................................165

Task1.7:DC1LAG.............................................................................................................................167

Task1.8:DC1MultistageMC-LAG....................................................................................................171

Task1.9:DC1GatewayandOSPFconfiguration..............................................................................179

Task1.10:DC1security....................................................................................................................185

Task1.11:DC2LAGandMC-LAGconfiguration...............................................................................188

Task1.12:DC2Gateway,VRRPandOSPFconfiguration..................................................................200

Task1.13:MC-LAGverification........................................................................................................208

Part3:VCF............................................................................................................................................219

Task1.14:VCFconfiguration............................................................................................................220

Task1.15:VCFfeatures....................................................................................................................225

Task1.16:DeconstructingtheVCF...................................................................................................227

Task1.17:AutoprovisioningaVCF...................................................................................................230

Task1.18:VCFVLANandinterfaceconfiguration............................................................................234

Appendix:VCF..................................................................................................................................240

AppendixChapter2:ClosIPFabric..........................................................................................................247

Part1:EBGP-basedClosIPFabric........................................................................................................247

Task2.1:CorenetworkBGPconfiguration1....................................................................................249

Task2.2:CorenetworkBGPconfiguration2....................................................................................254

Task2.3:ISPuplinkconfiguration....................................................................................................256

Task2.4:IP-FabricBGPcustomerconfiguration..............................................................................259

Task2.5:Server100-110internetfeed............................................................................................263

Task2.6:Server113-115configuration............................................................................................265

Task2.7:IP-Fabriccustomerpolicyconfiguration............................................................................273

Task2.8:IP-Fabriccustomerpolicyconfiguration............................................................................275

Task2.9:ISPpolicyconfiguration.....................................................................................................282

Part2:IBGP-basedClosIPFabric.........................................................................................................288


JNCIE-DC

Labworkboo

k:In

trod

uctio

n

9


Task2.10:IGPconfiguration............................................................................................................290



Task2.13:IPv4IBGPconfiguration...................................................................................................303

Task2.14:IPv6IBGPconfiguration...................................................................................................307

Task2.15:Server101-110...............................................................................................................311

Task2.16:EBGPconfiguration.........................................................................................................315

Task2.17:LocalASadvertisement...................................................................................................328

Task2.18:BGPRIBconfiguration.....................................................................................................335

Task2.19:AS65000customers.........................................................................................................339

Task2.20:IP-Transitpolicyconfiguration........................................................................................342

AppendixChapter3:ControllerlessOverlay............................................................................................347

Part1:AbasicEBGP-basedoverlaynetwork.......................................................................................347

Task3.1:ConfiguretheEBGPunderlay............................................................................................348

Task3.2:EBGPunderlayoptimization..............................................................................................354

Task3.3:IBGPoverlayconfiguration................................................................................................358

Task3.4:ConfigureQFXswitch-levelEVPN......................................................................................364

Task3.5:VXLANsegmentconfiguration..........................................................................................368

Task3.6:Active-activemultihoming................................................................................................378

Task3.7:ConfigurevMXvirtual-switch-levelEVPN.........................................................................390

Task3.8:Redundantlayer3VXLANgatewayconfiguration............................................................399

Task3.9:Inter-VXLANrouting..........................................................................................................403

Part2:IBGP-basedoverlaynetwork....................................................................................................406


Task3.11:IGPoptimization..............................................................................................................410

Task3.12:IBGPconfiguration..........................................................................................................415

Task3.13:ConfigureQFXswitch-levelEVPN...................................................................................419

Task3.14:VXLANsegmentconfigurationandactive-activemultihoming......................................423

Task3.15:VXLANsegmentconfigurationforVNI101....................................................................431

Task3.16:AdditionalVXLANsegmentconfiguration......................................................................435

Task3.17:MXvirtual-switchwithselectiveVXANimport...............................................................445

Task3.18:Layer3VXLANgatewayconfiguration...........................................................................452


JNCIE-DC

Labworkboo

k:In

trod

uctio

n

10




Part3:IPfabricandcontrollerlessoverlay...........................................................................................472

Task3.21:EBGPfortheIP-Fabric.....................................................................................................474

Task3.22:CompletingtheIP-Fabric.................................................................................................480

Task3.23:Controllerlessoverlay......................................................................................................484

Task3.24:Expandingthecontrollerlessoverlay..............................................................................489

Task3.25:IP-Fabricroutingpolicies.................................................................................................495

AppendixChapter4:DataCenterInterconnect.......................................................................................500

Part1:MPLSandMPLSL3VPN.............................................................................................................500

Task4.1:IGPconfiguration...............................................................................................................502

Task4.2:LDPconfiguration..............................................................................................................506

Task4.3:MPLSLSPoptionsconfiguration........................................................................................514

Task4.4:BGPconfiguration.............................................................................................................518

Task4.5:MPLSL3VPNiNET-BLUE....................................................................................................522

Task4.6:MPLSL3VPNiNET-GREEN..................................................................................................530

Task4.7:MPLSL3VPNiNET-RED......................................................................................................535

Part2:MPLS,MPLSL3VPNandEVPN..................................................................................................542

Task4.8:RSVPconfiguration............................................................................................................544

Task4.9:RSVPLSPconfiguration.....................................................................................................547

Task4.10:BGPconfiguration...........................................................................................................552

Task4.11:EVPNiNET-PURPLE..........................................................................................................555

Task4.12:EVPNiNET-BLUE..............................................................................................................560

Task4.13:EVPNiNET-GREEN...........................................................................................................566

Task4.14:EVPNiNET-RED................................................................................................................572

Part3:MPLSL3VPNandVLAN-awareEVPN........................................................................................579

Task4.16:EVPNnorthconfiguration...............................................................................................581

Task4.17:EVPNsouthconfiguration...............................................................................................589

Task4.18:EVPNmultihoming..........................................................................................................601

Task4.19:VLAN-basedEVPNconfiguration.....................................................................................620

Part4:controllerlessoverlayandEVPNDCI........................................................................................626

Task4.20:DC1Controllerlessoverlaypart1:routingandsignaling................................................627


JNCIE-DC

Labworkboo

k:In

trod

uctio

n

11


Task4.21:DC1Controllerlessoverlaypart2:theoverlay................................................................631

Task4.22:DC2Controllerlessoverlaypart1:theunderlay.............................................................636

Task4.23:DC2Controllerlessoverlaypart2:theoverlay................................................................642

Task4.24:EVPNstitching.................................................................................................................653

AppendixChapter5:Security...................................................................................................................665

Part1:Securingthedatacenter...........................................................................................................665

Task5.1:vSRXzoneandinterfaceconfiguration.............................................................................666

Task5.2:vSRXpolicyconfiguration..................................................................................................671

Task5.3:vSRXNAT...........................................................................................................................678

Task5.4:vSRXScreens.....................................................................................................................687

Task5.5:vSRXREprotection............................................................................................................691

Task5.6:Limitingbandwidthusingastatelessfirewallfilter...........................................................695

AppendixChapter6:ClassofService.......................................................................................................698

Part1:CoSinsidethedatacenter.........................................................................................................698


Task6.2:Scheduling.........................................................................................................................701

Task6.3:WRED................................................................................................................................709

Task6.4:BAclassifiers......................................................................................................................713

Task6.5:Rewriterules.....................................................................................................................715

Task6.6:TrafficclassificationonvQFX3andvQFX4........................................................................717

Task6.6:TrafficclassificationonvQFX5...........................................................................................720

QFX5100ClassofService.................................................................................................................722

AppendixChapter7:Management..........................................................................................................729


Task7.2:PythonusingNetconf........................................................................................................733

Task7.3:JunosSpace.......................................................................................................................735

Task7.4:Onboxscripting................................................................................................................742



AppendixSuperlab...................................................................................................................................751

AppendixSuperlabChapter1:Devicemanagement............................................................................751



JNCIE-DC

Labworkboo

k:In

trod

uctio

n

12


Task1.2:JunosSpace.....................................................................................................................751

Task1.3:OnBoxscripting...............................................................................................................751

Task1.4:Netconf.............................................................................................................................752

AppendixSuperlabChapter2:Underlay..............................................................................................753

Task2.1:MultiChassisLinkAggregation(MC-LAG)........................................................................753

Task2.2:Layer2underlayconfiguration........................................................................................755

Task2.3:Layer2underlayfeatures.................................................................................................756

Task2.4:BUMtraffichandling........................................................................................................757

Task2.5:Layer2redundancy..........................................................................................................757

Task2.6:Layer3UnderlayMAINDC..............................................................................................757

Task2.7:Layer3underlayrouting..................................................................................................758

Task2.8:eBGPunderlay..................................................................................................................759

AppendixSuperlabChapter3:ControllerlessOverlay.........................................................................762

Task3.1:EVPNoverlayconfiguration...............................................................................................762

Task3.2:EVPN/VLANserviceconfiguration.....................................................................................764

Task3.3:EVPN/VXLANservicetuning..............................................................................................767

Task3.4:EVPNsignaling...................................................................................................................768

AppendixSuperlabChapter4:DataCenterInterconnect....................................................................769

Task4.1:DCIconfiguration..............................................................................................................769

Task4.2:DC1redundancy................................................................................................................775

Task4.3:(Inter)DataCenterconnectivity........................................................................................775

Task4.4:DataCenterconnectivitytoexternalserver.....................................................................776

AppendixSuperlabChapter5:Security................................................................................................777

Task5.1:Userauthenticationandautorisation...............................................................................777

Task5.2:SRXConfiguration..............................................................................................................777

Task5.3:REprotection.....................................................................................................................778

AppendixSuperlabChapter6:ClassofService....................................................................................779

Task6.1:ForwardingClasses............................................................................................................779

Task6.2:Schedulersandtrafficprofiles...........................................................................................780

Task6.3:Policing..............................................................................................................................781


JNCIE-DC

Labworkboo

k:In

trod

uctio

n

13


Introduction

AboutTheAuthors

SaidvandeKlundert

Saidisadedicatednetworkengineerandpassionatetechnicalwriter.HeisJNCIEcertifiedintheareasheismostpassionateabout,holdingtheJNCIE-DC#26andJNCIE-SP#2573certification.Saidhasover10yearsofexperienceintheITandnetworkingindustry.HehasbeenabuilderofnetworksforISPs,datacentersandclouds.AfterfulfillingdifferenttechnicalrolesforEricssonandVodafone,heisnowtyingtogetherclouds,datacentersandbroadbandatInterconnect.Inadditiontothis,heisacontentdeveloperforiNETZERO.Throughhisblogs,hehopestoinspireandhelpothers.InhissparetimeheisalsoactiveasaJuniperambassador,whichheconsidersbothanhonoraswellasalotoffun.Inadditiontoallofthis,heisalsoenjoyinglifeasafathertoJanvandeKlundertandahusbandtoAnnevandeKlundert.


JNCIE-DC

Labworkboo

k:In

trod

uctio

n

14


JörgBuesink

JörglivesintheNetherlandsandbringsmorethan15yearsofexperienceintheITandnetworkingindustry.Heworkedforseverallargeserviceprovidersintheroleoftechnicalconsultant,designerandnetworkarchitect.Hehasextensiveexperienceinnetworkimplementation,designandarchitecture.JörgisquadrupleJNCIEcertified(JNCIE-DC#007,JNCIE-ENT#21,JNCIE-SP#284andJNCIE-SEC#30).HeisalsotripleCiscoCCIE#15032(Routing/Switching,ServiceproviderandSecurity),CiscoCCDE#20110002andHuaweiHCIE#2188RoutingandSwitchingcertified.

WhennotbehindacomputerhelikestodiscovertheworldandenjoysspendingtimewithhissonSem.


JNCIE-DC

Labworkboo

k:In

trod

uctio

n

15


CopyrightandlicensinginformationAllrightsreserved.NopartofthispublicationmaybereproducedordistributedinanyformorbyanymeanswithoutthepriorwrittenpermissionofiNETZEROaregisteredcompanyintheNetherlands.Thisproductcannotbeusedbyortransferredtoanyotherperson.Youarenotallowedtorent,lease,loanor(re)selliNETZEROtrainingproductsincludingthisworkbookanditsconfigurations.

Youarenotallowedtomodify,copy,upload,email,share,distributethisworkbookandsupportingmaterialsinanyway.Thisproductmayonlybeusedandprintedforyourownpersonaluseandmaynotbeusedinanycommercialway.

Warning:BesidesstandardantipiracytechniqueslikedocumentwatermarksandpasswordprotectionthisworkbookalsocontainsasteganographyIDmakingthisworkbookuniqueandalwaystraceabletotheoriginalbuyer.Juniper(c),JuniperNetworksinc,JNCIE,JNCIE-DC,Junos,JNCIP,JNCIS,JNCIA,JuniperNetworksCertifiedInternetExpert,areregisteredtrademarksofJuniperNetworks,Inc.

DisclaimerThisworkbookisdesignedtoassistcandidatesinthepreparationforJuniperNetworks’JNCIEDataCenterpracticalLabExam.AnysimilaritiesbetweenmaterialpresentedinthisworkbookandtheactualJNCIE-DClabexamauthorisedbyJuniperNetworksoractualsettingsinanyproductionnetworksinreallifearecompletelycoincidental,unexpectedandabsolutelyunintendedbytheauthors.Whilealotofeffortshavebeenputinordertoensurethatallmaterialisascompleteandaccurateaspossible,theenclosedmaterialispresentedonan“asis”basis.TheauthorsandiNETZEROdonotassumeanyliabilityorresponsibilitytoanypersonorentitywithrespecttolossordamagesincurredfromtheinformationorsolutioncontained/presentedin/bythisworkbook.


JNCIE-DC

Labworkboo

k:In

trod

uctio

n

16


HowToUseThisBookTheiNETZEROJNCIE-DCLabexampreparationworkbookisspecificallydesignedforcandidatestopracticetechnologiesinthepublicblueprintofJuniperNetworks’JNCIE-DCLabExam.Italsohelpscandidatespracticeskillsrelatingtotaskprioritisation,dependenciesandcorrelations.

TheJNCIE-DCLabexampreparationworkbookisbasedontheJNCIE-DCLabtopologyofiNETZEROwhichconsistsof6virtualMX-seriesroutersrunningJUNOSversion16.1,6virtualQFXswitchesrunningJUNOSversion15.1,onevirtualSRXfirewallrunningJUNOSversion12.1,oneCentoslinuxhostandaserverrunningJUNOSspace.Moreinformationaboutthetopologyorrackrentaloptionscanbefoundonourwebsitewww.inetzero.com

TargetaudienceThisworkbookisdevelopedforexperiencednetworkengineerswhoarepreparingfortheJuniperNetworksJNCIE-DClabexam.AlthoughnotrequireditishighlyrecommendedthatyouhavepassedtheJNCIP-DCwrittenexambeforeyoustartusingthisworkbook.iNETZERO’sJNCIE-DClabpreparationworkbookisdevelopedinsuchawaythatweexpectyoutohavetheoreticalknowledgeabouttheJNCIE-DClabexamblueprinttopics(JNCIP-DCcertifiedorworkingtowardsthiscertification).Inthisworkbookyouwillfindseveraltechnologyintroductions.HoweverdonotexpectafullexplanationaboutOSPF,BGP,etcasthereareplentyofothergreatbooksonthemarketforthatpurpose.InthisworkbookwetestifyouareabletoconfigureJuniperNetworksDataCentertechnologiesbasedoncertainrequirementsandunderstandhowtheyinteracttoensureyouarefullypreparedfortheJNCIE-DClabexam.


JNCIE-DC

Labworkboo

k:Cha

pter1:Layer2Und

erlay

20


Chapter1:Layer2UnderlayVirtualChassisFabric(VCF)andMulti-ChassisLinkAggregationGroup(MC-LAG)offertwodifferentapproachestoconstructinglayer2underlaynetworks.TheVCFisaJuniperproprietarysolutionthatallowsyoutocombineupto20devicesthatcanbemanagedasasingledevice.AVCFisconstructedalongthelinesofa3-stageClostopologyandrunsJuniperproprietaryprotocols.You'llmostlyseetopologieswhereintheVCFispresentedasa3stageClostopologythatisfoldedontoitself:

TheMC-LAGapproachisdifferentinthatitdoesnotrequireanyproprietaryprotocols.InanMC-LAGsetup,everydeviceisrunsitsowncontrolplaneoperationsandismanagedseparately.MC-LAGpeersareconfiguretoappearasasingleswitchusing802.3ad:

Bothsetupscanbeusedtoofferahigh-availablelayer2underlayaswellasaredundantlayer3gateway.


JNCIE-DC

Labworkboo

k:Cha

pter1:Layer2Und

erlay

21


VirtualChassisFabricJunipersVirtualChassisFabric(VCF)technologycanbeusedtoconstructathreestageClosswitchingfabric.AVCFismadeupofindividualmemberswitchesthatareplacedintoaspineandleafarchitecture.ThewholeoftheVCFismanagedasasingledevice.

WecanidentifytwolayersintheVCFarchitecture;thespinelayerandtheleaflayer.Thespinelayercancontainuptofourspinenodes.Everyspinenodeshouldhave1ormoreconnectionstoeveryleafnode.ThespinesnodescanfunctionasaRouting-Engine(RE)orasaLineCard(LC).Upto16leafnodescanbeconnectedintheleaflayer.EveryleafdevicefunctionsasaLC.Routing-engines

ThespinelayercancontainuptotwodevicesthatfunctionasaRE.OneREisactiveandtheotherisstandby.TheactiveREiscalledthemasterREandthestandbyREiscalledthebackupRE.ThewholeoftheVCFiscontrolledbythemasterRE.ThismeansthatthatthemasterRErunsthecontrolprotocolsandmanagesalltheoftheVCFmemberswitches.Juniperoffershigh-availability(HA)featurestominimizetheeffectsincasethemasterREfails.TheseHAfeaturesincludeGracefulRoutingEngineSwitchover(GRES),NonStopRouting(NSR)andNonStopBridging(NSB).GREScanbeactivatedtopreserveinterfaceandkernelinformationonthebackupRE.NSRwillhavethebackupREruntheRPDwhereasNSBwillhavethebackupREruntheL2CPD.NonetheseHAfeaturesareactivebydefault,theyallrequireconfiguration.

Line-cards

DevicesthatareoperatinginLC-moderunonlysubsetofJunos.The‘regular’leafnodesaswellasspinenodesthatwerenotselectedasmasterorbackupREfunctioninLC-mode.


JNCIE-DC

Labworkboo

k:Cha

pter1:Layer2Und

erlay

22


VCFmanagement.

WheneveryoulogintoaVCFusinganyofthemembers'consoleports,youwillbeconnectedtothemasterRE.EverymemberswitchinsideaVCFrunsvirtualconsolesoftwareandwillredirectallconsoletraffictothemasterRE.ItisalsopossibletosetupavtysessiontoanothermemberswitchfromthemasterRE.Thiscanbedonethroughtheuseofthe'requestsessionmemberx'command.TheOoBinterfacesonalltheindividualmemberswitchesoftheVCFareautomaticallyplacedinsideamanagementVLAN.Thelayer3interfacetiedtothismanagementVLANiscalledthe'vme'interface,orVirtualManagementEthernetinterface.WhenyouconnecttothisIPaddress,oranyotherIPaddressconfiguredontheVCF,youwillautomaticallybeconnectedtothemasterRE.VirtualChassisControlProtocol.

AllswitchesinsidetheVCFruntheVirtualChassisControlProtocol(VCCP).TheVCCPisaJuniperproprietaryprotocolthatisbasedonIS-IS.SwitchesrunningVCCPexchangeLSA-baseddiscoverymessagesthatenablesthemtodiscovertheVCFtopology.Whendevicesaredonebuildingthetopology,theyrunanSPFalgorithmforeveryPFE.Theresultisaloop-freepathbetweeneveryPFEinsidetheVCF.WhentheswitchesrunSPF,theycantakeintoaccountmultiplepathsandwillautomaticallyloadsharetrafficacrossthelinks.

VCFconfigurationoptions.

Therearethreedifferentprovisioningoptions:

- non-provisioned:configureVCPandlettheresthappenautomatically.- pre-provisioned:staticallyconfigureeverymemberoftheVCFbyincludingtheswitchserial

number,member-IDandroleintheVCFconfiguration.- auto-provisioned:pre-provisiontheREswitchesonlyandhavetheotherswitchesautomatically

jointheVCFasLCs.VirtualChassisPorts.

TheconnectionsbetweenthespineandleafnodesarecalledVirtualChassisPort(VCP)connections.VCPscarrybothcontrolplaneaswellasforwardingplanetrafficwithintheVCF.Bydefault,portsonQFXswitchesoperateas'normal'Ethernetports.Any(non-channelized)QSFP+orSFP+portcanbeturnedintoaVCP.Thiscanbedonemanuallyorautomatically.


JNCIE-DC

Labworkboo

k:Cha

pter1:Layer2Und

erlay

30


Part1:MC-LAG

Figure1-Physicaltopology

Note:startingtopologyisconfiguredwithIP-addressingonly.


JNCIE-DC

Labworkboo

k:Cha

pter1:Layer2Und

erlay

31


Task1.1:ToRconfiguraton • ConfigureVLAN100oninterfacexe-0/0/0onbothvQFX1aswellasvQFX2.• ConfigureanIRBinterfacefortheVLAN.UsethefollowingIPaddresses:

vQFX1 192.168.100.1/30vQFX2 192.168.100.2/30

• Trafficbetweentheswitchesshouldbetagged.

Task1.2:MC-LAGpeers:server-facingconfiguration • ConfigurevQFX1andvQFX2asMC-LAGpeers.• UseIRB100tosourcetheICCPsession.Use'inetzero'astheMD5authenticationkey.• Setthemodeto‘active-active’anddeterminetheotherconfigurationparameters

yourself.• UsetheOoBnetworkforadditionalchecksbetweentheMC-LAGpeers,enablingthe

networktohandlesplit-brainscenarios.• Duringasplitbrain,vQFX2shouldbecometheinactiveMC-LAGpeer.• EnabletheMC-LAGinterfaceforVLANs10,11and12.

Task1.3:MC-LAGpeers:core-facingconfiguration • ConfigureanAEuplinktowardsthevMXrouters.• Useinterfacesxe-0/0/2andxe-0/0/3onbothvQFXdevices.• EnabletheuplinkfortheserverVLANs.• MakesurethatcommunicationsinsidetheserverVLANscantoleratethelossofan

uplink.

Task1.4:vMXLAGconfiguration • ConfigureVLAN101onbothvMX1aswellasvMX2.• ConfigureanIRBinterfacefortheVLAN.UsethefollowingIPaddresses:

vMX1 192.168.101.1/30vMX2 192.168.101.2/30

• Trafficbetweentheroutersshouldbetagged.• ThelinksbetweenthevMXroutersshouldbebundledintoaLAG.


JNCIE-DC

Labworkboo

k:App

endixCh

apter1

:Layer2Und

erlay

138

138 iNETZERO–JNCIE-DC(DATACENTER)WORKBOOKv1.0

set switch-options service-id 1 DonotforgettoconfiguretheVLANsthatareaddedtothetrunk.OnEX-switcheswithouttheELSconfiguration,acommiterrorwouldappearwhenVLANswereassignedtointerfaceswithoutbeingconfigured.TheELSissuesnosuchwarning.WhentheVLANconfigurationisskipped,theVLANswillnothandleanytraffic: set vlans vlan-10 vlan-id 10 set vlans vlan-11 vlan-id 11 set vlans vlan-12 vlan-id 12 vQFX2:TheconfigurationonthevQFX2issimilartotheonerequiredforvQFX1.ThehighlightedpartsoftheconfigurationemphasizewhatthedifferencesarefromthevQFX1configuration:set chassis aggregated-devices ethernet device-count 2 set interfaces xe-0/0/1 ether-options 802.3ad ae0 set interfaces ae0 aggregated-ether-options lacp active set interfaces ae0 aggregated-ether-options lacp system-id 00:00:00:00:11:22 set interfaces ae0 aggregated-ether-options lacp admin-key 1 set interfaces ae0 aggregated-ether-options mc-ae mc-ae-id 1 set interfaces ae0 aggregated-ether-options mc-ae redundancy-group 1 set interfaces ae0 aggregated-ether-options mc-ae chassis-id 1 set interfaces ae0 aggregated-ether-options mc-ae mode active-active set interfaces ae0 aggregated-ether-options mc-ae status-control standby set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk vlan members 10-12 set protocols iccp local-ip-addr 192.168.100.2 set protocols iccp authentication-key inetzero set protocols iccp peer 192.168.100.1 redundancy-group-id-list 1 set protocols iccp peer 192.168.100.1 backup-liveness-detection backup-peer-ip 10.10.20.8 set protocols iccp peer 192.168.100.1 liveness-detection minimum-interval 3000 set multi-chassis multi-chassis-protection 192.168.100.1 interface xe-0/0/0 set switch-options service-id 1 set vlans vlan-10 vlan-id 10 set vlans vlan-11 vlan-id 11 set vlans vlan-12 vlan-id 12


JNCIE-DC

Labworkboo

k:App

endixCh

apter1

:Layer2Und

erlay

139


Verification

Therearequiteafewthingsthatrequireverificationforthistask.Inthisexample,we'llstartourverificationattheinterfacelevelandthenmoveontochecktheMC-AEtogetherwithICCP.CheckingtheAEinterface:jncie@vQFX1> show interfaces terse | match ae xe-0/0/1.0 up up aenet --> ae0.0 ae0 up up ae0.0 up up eth-switch ThisoutputtellsusthatAE0isusing1physicallink(xe-0/0/1)andthattheAE0interfaceitselfisup.Thefirst'up'tellsusthelinkisadministrativelyenabledandthesecond'up'showsusthatthelinkisup.AdditionalverificationoftheAEinterfacecanbedoneasfollows:jncie@vQFX1> show interfaces ae0 extensive Physical interface: ae0 ) (MC-AE-1, active), Enabled, Physical link is Up Interface index: 662, SNMP ifIndex: 537, Generation: 1245 Link-level type: Ethernet, MTU: 1514, Speed: 10Gbps, BPDU Error: None, MAC-REWRITE ... Aggregate member links: 1 LACP info: Role System System Port Port Port priority identifier priority number key xe-0/0/1.0 Actor 127 00:00:00:00:11:22 127 1 1 xe-0/0/1.0 Partner 127 00:05:86:71:25:c0 127 1 5 LACP Statistics: LACP Rx LACP Tx Unknown Rx Illegal Rx xe-0/0/1.0 980 941 0 0 Marker Statistics: Marker Rx Resp Tx Unknown Rx Illegal Rx xe-0/0/1.0 0 0 0 0 Protocol eth-switch, MTU: 1514, Generation: 793, Route table: 5 Flags: Trunk-Mode Thiscommandoutputsadditionalinformationoverthe'terse'option.InrelationtotheAEinterface,theinterestinginformationhereislocatedatthebottomoftheoutput.HereweseethelocalsystemidentifierusedinLACPpacketsbytheActor(localdevice),theLACPkeyinuseandtheamountofLACPPDUssendandreceivedonthephysicalinterface.TocheckwhatLACProlethedevicesoneithersideofthelinksassume(activeorpassive)weissuethefollowingcommand:


JNCIE-DC

Labworkboo

k:App

endixCh

apter1

:Layer2Und

erlay

140


jncie@vQFX1> show lacp interfaces Aggregated interface: ae0 LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity xe-0/0/1 Actor No No Yes Yes Yes Yes Fast Active xe-0/0/1 Partner No No Yes Yes Yes Yes Fast Active LACP protocol: Receive State Transmit State Mux State xe-0/0/1 Current Fast periodic Collecting distributing HereweseetheActor(localdevice)aswellasthepartner(remotedevice)isactivelytryingtoformaLAGusingthislink.Anotherverynicecommandtoconsiderduringtroubleshootingisthefollowing:jncie@vQFX1> show lacp statistics interfaces Aggregated interface: ae0 LACP Statistics: LACP Rx LACP Tx Unknown Rx Illegal Rx xe-0/0/1 6739 6480 0 0 OnvQFX2,wecheckthefollowing:

- thelinkstatusoftheAEinterface- thestatusofthephysicallinkusedasmemberoftheLAG- theLACPsystemIDandtheLACPkeyID

jncie@vQFX2> show interfaces ae0 extensive Physical interface: ae0 ) (MC-AE-1, active), Enabled, Physical link is Up Interface index: 662, SNMP ifIndex: 542, Generation: 1805 Link-level type: Ethernet, MTU: 1514, Speed: 10Gbps, BPDU Error: None, MAC-REWRITE ... Aggregate member links: 1 LACP info: Role System System Port Port Port priority identifier priority number key xe-0/0/1.0 Actor 127 00:00:00:00:11:22 127 32769 1 xe-0/0/1.0 Partner 127 00:05:86:71:25:c0 127 2 5 LACP Statistics: LACP Rx LACP Tx Unknown Rx Illegal Rx xe-0/0/1.0 6394 6123 0 0 Marker Statistics: Marker Rx Resp Tx Unknown Rx Illegal Rx xe-0/0/1.0 0 0 0 0 Protocol eth-switch, MTU: 1514, Generation: 1114, Route table: 5 Flags: Trunk-Mode


JNCIE-DC

Labworkboo

k:App

endixCh

apter1

:Layer2Und

erlay

141


Afterthis,wecheckwhatVLANsareactiveonthislink: jncie@vQFX1> show ethernet-switching interface ae0.0 Routing Instance Name : default-switch Logical Interface flags (DL - disable learning, AD - packet action drop, LH - MAC limit hit, DN - interface down, MMAS - Mac-move action shutdown, SCTL - shutdown by Storm-control ) Logical Vlan TAG MAC STP Logical Tagging interface members limit state interface flags ae0.0 8192 tagged vlan-10 10 1024 Forwarding tagged vlan-11 11 1024 Forwarding tagged vlan-12 12 1024 Forwarding tagged jncie@vQFX2> show ethernet-switching interface ae0.0 Routing Instance Name : default-switch Logical Interface flags (DL - disable learning, AD - packet action drop, LH - MAC limit hit, DN - interface down, MMAS - Mac-move action shutdown, SCTL - shutdown by Storm-control ) Logical Vlan TAG MAC STP Logical Tagging interface members limit state interface flags ae0.0 8192 tagged vlan-10 10 1024 Forwarding tagged vlan-11 11 1024 Forwarding tagged vlan-12 12 1024 Forwarding tagged AfterverifyingthenormalLAGoperations,wemoveovertotheMC-LAGverification.Theprimaryverificationcommandsatourdisposalare:

• showiccp-usedtocheckstatusinformationabouttheICCPprotocol• showinterfacemc-ae-usedtocheckstatusinformationabouttheMC-AEinterface

Inadditiontothesecommands,wecanalsousethe'showether-switchingtable'commandtoverifywhetherornotMACaddressesarebeinglearnedonbothoftheMC-LAGpeers.WestartoutverifyingtheICCPprotocolonvQFX1:jncie@vQFX1> show iccp Redundancy Group Information for peer 192.168.100.2 TCP Connection : Established Liveliness Detection : Up Backup liveness peer status: Up Redundancy Group ID Status 1 Up Client Application: l2ald_iccpd_client Redundancy Group IDs Joined: 1


JNCIE-DC

Labworkboo

k:App

endixCh

apter1

:Layer2Und

erlay

142


Client Application: lacpd Redundancy Group IDs Joined: 1 Theoutputbasicallytellsuseverythingweneedtoknow.vQFX1hasanICCPsessionwith192.168.100.2thatisestablished.The'Livenessdetection'tellsusthattheBFDsessionwasestablished.The'Backupliveness'statusinformsusoverthefactthatvQFX1can'see'vQFX2overanalternativepath(inthiscasetheOoBnetwork).NotethatwecanalsoverifyBFDthroughtheuseofthefollowingcommand:jncie@vQFX1> show bfd session Detect Transmit Address State Interface Time Interval Multiplier 192.168.100.2 Up 9.000 3.000 3 Here,weseeaBFDsessionformedwiththe192.168.100.2address,whichistheconfiguredICCPpeer.TheBFDstatusisupandthedetecttimeis9seconds.Next,wechecktheMC-AEinterfacestatusinformation:jncie@vQFX1> show interfaces mc-ae extensive Member Link : ae0 Current State Machine's State: mcae active state Local Status : active Local State : up Peer Status : active Peer State : up Logical Interface : ae0.0 Topology Type : bridge Local State : up Peer State : up Peer Ip/MCP/State : 192.168.100.2 xe-0/0/0.0 up MCAE Configuration Redundancy Group : 1 MCAE ID : 1 MCAE Mode : active_active Status Control : active Chassis ID : 0 LACP Configuration System ID : 00:00:00:00:11:22 Admin Key : 1 Wecheckthecommandoutputforthe'mcaeactivestate',indicatingthattheMC-AEisactiveandworking.The'LocalStatus'andthePeerStatus'telluswhetherornottheMC-LAGpeersareabletofunctionasapartofthisMC-LAG.Wheneverythingisoperational,thestatusis'active'.


JNCIE-DC

Labworkboo

k:App

endixCh

apter3

:Con

trollerle

ssOverla

y

460


Task3.19:Layer3VXLANgatewayconfiguration

• Configurethefollowinglayer3gatewaysonvMX3:VXLAN/VNI Gateway105 10.200.105.254106 10.200.106.254

• Configurethefollowinglayer3gatewaysonvMX4:VXLAN/VNI Gateway107 10.200.107.254108 10.200.108.254• OnlyimportVXLANsegmentsintotherouting-instancewhenthevMXoffersagateway

fortheVXLANsegment.• MakesurethereisIPconnectivitybetweenthedifferentsubnets

SolutionWeimporttherelevantVXLANsegmentintothevirtual-switchinstancebyconfiguringtheVNIinsidetheroutinginstanceunderthe[routing-instancesfabricprotocolsevpnvni-optionsvnixxxvrf-targettarget:65000:xxx]stanza.TomakesurethatthereisIPconnectivitybetweenthedifferentsubnets,wealsoneedtoadvertisethesubnetweconfigureontheIRBinterfaceintoOSPF.WecandothisbyincludingtheIRBinterfaceintheOSPFconfiguration.SincewedonotwanttodiscoveranyOSPFneighboradjacenciesinthissubnet,weusethekeyword'passive'.vMX3: set interfaces irb unit 105 family inet address 10.200.105.254/24 set interfaces irb unit 106 family inet address 10.200.106.254/24 set protocols ospf area 0.0.0.0 interface irb.105 passive set protocols ospf area 0.0.0.0 interface irb.106 passive set routing-instances fabric protocols evpn vni-options vni 105 vrf-target target:65000:105 set routing-instances fabric protocols evpn vni-options vni 106 vrf-target target:65000:106 set routing-instances fabric bridge-domains bd_105 vlan-id 105 set routing-instances fabric bridge-domains bd_105 routing-interface irb.105


JNCIE-DC

Labworkboo

k:App

endixCh

apter3

:Con

trollerle

ssOverla

y

461


set routing-instances fabric bridge-domains bd_105 vxlan vni 105 set routing-instances fabric bridge-domains bd_106 vlan-id 106 set routing-instances fabric bridge-domains bd_106 routing-interface irb.106 set routing-instances fabric bridge-domains bd_106 vxlan vni 106

vMX4: set interfaces irb unit 107 family inet address 10.200.107.254/24 set interfaces irb unit 108 family inet address 10.200.108.254/24 set protocols ospf area 0.0.0.0 interface irb.107 passive set protocols ospf area 0.0.0.0 interface irb.108 passive set routing-instances fabric protocols evpn vni-options vni 107 vrf-target target:65000:107 set routing-instances fabric protocols evpn vni-options vni 108 vrf-target target:65000:108 set routing-instances fabric bridge-domains bd_107 vlan-id 107 set routing-instances fabric bridge-domains bd_107 routing-interface irb.107 set routing-instances fabric bridge-domains bd_107 vxlan vni 107 set routing-instances fabric bridge-domains bd_108 vlan-id 108 set routing-instances fabric bridge-domains bd_108 routing-interface irb.108 set routing-instances fabric bridge-domains bd_108 vxlan vni 108

http://www.inetzero.com-Copyright2017iNETZERO.AllrightsreservedForpersonalnoncommercialuseonly–donotdistribute-SteganoID=ON

JNCIE-DC

Labworkboo

k:App

endixSupe

rlab

782


DEMO END

For more information: www.inetzero.com

(data center) - inetzero · pdf filefor juniper networks ® - jncie-dc 2017 lab exam . ......

Documents