Junos Cup 2014

Tournament 4: Nigeria & Solution: Tuning LSP Choice in L3VPN

07-03-2014 07:06 AM

Country Flag: NIGERIA

Author: Krzysztof Szarkowicz

Title: Tuning LSP Choice in L3VPN

Type: Service Provider

Difficulty: High (2 points).

Technical Description: With a maximum of five set commands, make sure that all traffic in VPN-A uses the RSVP tunnels in MESH-A, while all traffic in VPN-B uses RSVP tunnels in MESH-B.

Topology:

[Image: Nigeria-Topolog]

Challenge Instructions:

In this topology, PE1 is the BGP Route Reflector, while PE2 and PE3 are RR clients.

There are two full meshes of RSVP tunnels configured between all three PE routers:

  • Mesh A to transport traffic of VPN-1
  • Mesh B to transport traffic of VPN-2

However, at the moment, transport for VPN-2 is not fully correct: sometimes the tunnel from Mesh A is used instead of Mesh B. For example, at PE2:

juniper@PE2> show route table VPN-2

VPN-2.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.20.11/32   *[BGP/170] 02:58:29, localpref 100, from 172.16.0.11
                      AS path: I, validation-state: unverified
                    > to 10.10.10.0 via ge-0/0/2.0, label-switched-path PE2-->>--PE1--MESH-A     /* Not correct */
192.168.20.12/32   *[Direct/0] 02:59:34
                    > via lo0.2
192.168.20.13/32   *[BGP/170] 02:58:04, localpref 100, from 172.16.0.11
                      AS path: I, validation-state: unverified
                    > to 10.10.10.5 via ge-0/0/1.0, label-switched-path PE2-->>--PE3--MESH-B     /* Correct */

To solve this challenge, your task is to fix the issue so that:

  • VPN-A uses only LSPs from Mesh-A (both RIB and FIB).
  • VPN-B uses only LSPs from Mesh-B (both RIB and FIB).
  • After the fix, you need to verify that all three PE routers (PE1, PE2, PE3) have a correct RIB/FIB state (VPN-1 via Mesh-A, VPN-2 via Mesh-B).
  • No IP lookup (only MPLS lookup) is performed on transit routers:
    • For example, if a VRF-sourced packet goes from PE1 to PE3 via PE2, on PE2 only MPLS lookup is allowed for that packet.
    • As a result, traceroute between VRF loopbacks should show one single hop:

juniper@PE2> traceroute routing-instance VPN-2 192.168.20.13 no-resolve
traceroute to 192.168.20.13 (192.168.20.13), 30 hops max, 40 byte packets
 1  192.168.20.13  22.977 ms  30.254 ms  30.114 ms

Here are the requirements for the configuration changes:

  • You are not allowed to configure LDP.
  • You should not modify the local-preference, the origin, or the metric of any route (direct, IGP, BGP, RSVP, etc.).
  • The commands edit, configure, and commit are needed but are not counted towards the solution.
  • Before committing the configuration, execute “show | compare”. No line should start with a minus (-) sign.
  • If you add up the number of set commands executed in all the routers (#set @PE1 + #set @PE2 + #set @PE3), this total number should not exceed five commands.
  • The number of set commands is counted according to the “display set” output. For example, the following set command actually counts as three set commands, instead of one:

user@router# set interfaces ge-0/0/3 mtu 1500 unit 1 vlan-id 1 family inet

[edit]
user@router# show interfaces ge-0/0/3 | display set
set interfaces ge-0/0/3 mtu 1500
set interfaces ge-0/0/3 unit 1 vlan-id 1
set interfaces ge-0/0/3 unit 1 family inet

To solve this challenge, submit the five set commands and the router at which each is issued. Tip: there are actually two significantly different solutions. Earn an extra point by submitting both.

NOTE: If you have issues connecting to the Junosphere topology, please check the Junosphere Technical documentation, or request assistance in the Junosphere forum.

OFFICIAL SOLUTION:

There are two types of solution, both consisting of 5 set commands executed at PE1.

Solution type 1 matches on the existing route attributes:

set protocols bgp group IBGP export PL-BGP-EXP
set protocols bgp group IBGP vpn-apply-export
set policy-options policy-statement PL-BGP-EXP from protocol direct
set policy-options policy-statement PL-BGP-EXP from community RT-VPN-2
set policy-options policy-statement PL-BGP-EXP then next-hop 172.16.1.11

Solution type 2 locally changes a route attribute:

set protocols bgp group IBGP export PL-BGP-EXP
set protocols bgp group IBGP vpn-apply-export
set policy-options policy-statement PL-VPN-2-EXP then tag 200
set policy-options policy-statement PL-BGP-EXP from tag 200
set policy-options policy-statement PL-BGP-EXP then next-hop 172.16.1.11

Julie Wider
Advocacy Manager
Twitter: @JNetCommunity & @jawider
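
An added example, not part of the original post or any Juniper tooling: a Python check of the RIB state the challenge asks you to verify, run over the pre-fix PE2 output shown above. It assumes LSP names end in the mesh name, as they do in that output; the function name audit_routes is hypothetical, and the FIB is not covered.

```python
import re

# Expected mesh per VRF, from the challenge statement.
EXPECTED_MESH = {"VPN-1": "MESH-A", "VPN-2": "MESH-B"}

# Pre-fix PE2 output copied from the challenge text (its /* */ remarks dropped).
SAMPLE_PE2_VPN2 = """\
VPN-2.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.20.11/32   *[BGP/170] 02:58:29, localpref 100, from 172.16.0.11
                      AS path: I, validation-state: unverified
                    > to 10.10.10.0 via ge-0/0/2.0, label-switched-path PE2-->>--PE1--MESH-A
192.168.20.12/32   *[Direct/0] 02:59:34
                    > via lo0.2
192.168.20.13/32   *[BGP/170] 02:58:04, localpref 100, from 172.16.0.11
                      AS path: I, validation-state: unverified
                    > to 10.10.10.5 via ge-0/0/1.0, label-switched-path PE2-->>--PE3--MESH-B
"""

TABLE_RE = re.compile(r"^(\S+)\.inet\.0:")
ROUTE_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+/\d+)\s+[*+-]?\[(\w+)/\d+\]")
LSP_RE = re.compile(r"label-switched-path\s+(\S+)")


def audit_routes(output):
    """Return [(prefix, lsp_or_None)] for BGP next hops off the expected mesh."""
    expected = prefix = proto = None
    violations = []
    for line in output.splitlines():
        if m := TABLE_RE.match(line):
            # An unknown VRF name raises KeyError instead of passing silently.
            expected = EXPECTED_MESH[m.group(1)]
        elif m := ROUTE_RE.match(line):
            prefix, proto = m.groups()
        elif proto == "BGP" and " via " in line:
            if expected is None:
                raise ValueError("next hop seen before a routing-table header")
            # One next-hop line per path, so ECMP routes are checked per path.
            lsp = LSP_RE.search(line)
            name = lsp.group(1) if lsp else None
            # A BGP route with no LSP at all (plain IP next hop) also fails.
            if name is None or not name.endswith(expected):
                violations.append((prefix, name))
    return violations


if __name__ == "__main__":
    for prefix, lsp in audit_routes(SAMPLE_PE2_VPN2):
        print(f"{prefix}: {lsp or 'no LSP (IP next hop)'}")
```

Running the same function over the output of each PE and each VRF after the fix should return an empty list everywhere.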