Juniper SP Lab v2

Hola amigos.

Thank you for attention to the lab.

I got few very nice feedbacks about the “Juniper SP Lab” and complaints about such massive RAM requirements as well :)
Those complaints motivated me to decrease the requirements somehow, and this is the result – same topology now available with 4GB DRAM VM!
All possible detailed information provided below.

UPDATED: http://sk1f3r.ru/jlab 

1. Introduction

Highly recommended to met with source lab before read further – http://sk1f3r.ru/jlab-1.

Lab download directory – here:

  • VM ova file – UNETLAB_Juniper-SP_160124_00.ova;
  • Visio topology – UNETLAB_Juniper-SP_160106_01.vsd;
  • vMX 14.1 qcow2 image – hda.qcow2;
  • All devices configs – CONFIG;
  • UNL topology file – MPLS-LAB1.unl.

2. Topology

This is how the topology looks like in UNL web:

jlab-topology_unl-web_00

All SP devices are logical systems inside single MX router. This great article @ packetpushers.net is very helpful to understand logical systems.
As a result, they are interconnected with logical tunnel interfaces – lt. So the full topology remains the same except those lt interfaces (click to enlarge):

jlab-topology_visio_00

SP services for Customer 1, VLANIDs, CE-facing interfaces remains the same, except the interface ge-0/0/2 @ PE3 was moved to ge-0/0/4.
SP interfaces and loopbacks information are depicted below (click to enlarge):

jlab-topology_sp-loopbacks_00 jlab-topology_sp-ifaces_00

3. What is new

3.1. Management

At first, a dedicated management interface on MX device is presented – fxp0. Please, manually install a correct IP-address from a network where your and UNL IP-addresses are. That IP is available via SSH and uses to connect to P device. As you know, Unetlab connects you directly to a device console, so it is not possible to get multiple separated CLIs on the P device.
For ease of management, have been prepared individual users for each of the SP devices. When using the usernames to authenticate you get into the desired terminal device:

3.2. IS-IS

IS-IS now is a primary IGP of SP network. OSPF stanza deactivated.

jlab-topology_isis_00A complexity of IS-IS topology is intended because different types of interaction allow better understand a technology.

If you want to use OSPF instead of IS-IS use such commands:

3.3. Dynamic LSPs

Dynamic RSVP LSPs were deactivated, and static constraint-based LSPs are in use. Static LSPs are providing more configuration readability.
Activate manually in case of emergency.

3.4. Groups

Configuration groups do not exist anymore, and all relative sections are configured manually to provide more readability.

4. Caveats

  1. Some features like L2VPN with LDP signaling are not working if CE presented as a logical-systems (further as LS), that’s why CEs remains separated.
  2. If a configuration candidate created in a master LS (P device), there is no way to commit in any LS. Commit in master then commits in others.
  3. To define any interface as a part of LS set the interface from the master logical system at first.
    An example, to create interface lo0.123 in LS PE1 use this command:
    set logical-systems PE1 interface lo0.123
    And only after that you can make some changes to that interface in the target LS.
  4. Syslog messages available only in master LS. I would recommend use specially created Syslog file to monitor all important events:
    monitor start PROTO.log

 

[!] Anyone may use the text and pictures in this article without mentioning the author and reference to the source.

SHARE: Tweet about this on TwitterShare on FacebookShare on VKShare on LinkedInShare on Google+Email this to someone
  • Сергей

    Добрый день!
    В лабе которую открываю не настроен ip адрес по которому можно его открыть в http.

    • Sk1f3r

      Здравствуйте, Сергей.
      Вероятно, вы имели ввиду адрес для доступа к панели управления Unetlab, так как сама лаба никакого управления по HTTP не подразумевает.
      По умолчанию виртуальная машина Unetlab пытается получить IP-адрес по DHCP. В моей сети такой сервис есть и адрес назначается автоматически. Этот адрес, будучи назначенным, показывается в консоли виртуальной машины перед приглашением аутентификации. Если такого сервиса у вас нет, можно назначить вручную. Только надо не забыть добавить этот адрес в конфигурационные файлы, чтобы после перезагрузки IP-адрес остался.