Country Flag: NIGERIA
Author: Krzysztof Szarkowicz
Title: Tuning LSP Choice in L3VPN
Type: Service Provider
Difficulty: High (2 points).
Technical Description: With a maximum of five set commands, make sure that all traffic in VPN-A uses the RSVP tunnels in MESH-A, while all traffic in VPN-B uses RSVP tunnels in MESH-B.
In this topology, PE1 is BGP Route Reflector, while PE2 and PE3 are RR clients.
There are two full meshes of RSVP tunnels configured between all three PE routers:
However, at the moment, transport for VPN-2 is not fully correct. Indeed, sometimes the tunnel from Mesh A is used, instead of Mesh B. For example, at PE2:
juniper@PE2> show route table VPN-2
VPN-2.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.20.11/32 *[BGP/170] 02:58:29, localpref 100, from 172.16.0.11
AS path: I, validation-state: unverified
> to 10.10.10.0 via ge-0/0/2.0, label-switched-path PE2-->>--PE1--MESH-A /* Not correct */
192.168.20.12/32 *[Direct/0] 02:59:34
> via lo0.2
192.168.20.13/32 *[BGP/170] 02:58:04, localpref 100, from 172.16.0.11
> to 10.10.10.5 via ge-0/0/1.0, label-switched-path PE2-->>--PE3--MESH-B /* Correct */
To solve this challenge your task is to fix the issue, so that:
juniper@PE2> traceroute routing-instance VPN-2 192.168.20.13 no-resolve
traceroute to 192.168.20.13 (192.168.20.13), 30 hops max, 40 byte packets
1 192.168.20.13 22.977 ms 30.254 ms 30.114 ms
Here are the requirements for the configuration changes:
user@router# set interfaces ge-0/0/3 mtu 1500 unit 1 vlan-id 1 family inet
user@router# show interfaces ge-0/0/3 | display set
set interfaces ge-0/0/3 mtu 1500
set interfaces ge-0/0/3 unit 1 vlan-id 1
set interfaces ge-0/0/3 unit 1 family inet
To solve this challenge submit the five set commands issued at which router. Tip: there are actually two significantly different solutions. Earn an extra point by submitting both.
NOTE: If you have issues connecting to the Junosphere topology please check Junosphere Technical documentation, or request assistance in the Junosphere forum
There are two types of solution, all of them consisting of 5 set commands executed at PE1.
Solution type 1 matches on the existing route attributes:
set protocols bgp group IBGP export PL-BGP-EXP
set protocols bgp group IBGP vpn-apply-export
set policy-options policy-statement PL-BGP-EXP from protocol direct
set policy-options policy-statement PL-BGP-EXP from community RT-VPN-2
set policy-options policy-statement PL-BGP-EXP then next-hop 172.16.1.11
Solution type 2 locally changes a route attribute:
set policy-options policy-statement PL-VPN-2-EXP then tag 200
set policy-options policy-statement PL-BGP-EXP from tag 200