Juniper SP Lab v3


Welcome back, friends!

I’m pleased to announce the newest and the last version of Juniper Service Provider Lab that covers even more JNCIP-SP topics.

Moreover, all devices now exist in a single vMX device, so an amount of RAM your station needs to start exploration is about 2,5 GB (2GB for vMX + 512MB for UNL Linux host).

The comprehensive bunch of information to help with a journey presented below.

Current topology


Main information

At first, this VM has been updated up to latest UNL version – UNetLab 1.0.0-4, released few hours ago.

VM exported as compatible with VMware ESXi 5.1, Fusion 5+ and Workstation 9+.

All kind of information and, of course, the VM itself may be downloaded here.

A hierarchy of folder explained below:

  • VM – virtual machine file as an OVA template and if you have any problems with import, “vmdk” file presented separately;
  • PICTURES – figures about most sides of the lab;
  • VISIO – the source Visio file as PDF;
  • CONFIG – the configuration from P1 point of view, as a master logical system;
  • VMX – a virtual image of vMX 14.1 for UNL;
  • UNL – topology file for UNL, to import manually if you don’t want to add new VM.

Protocols and services

The list of protocols involved to virtual infrastructure is following:

  • MPLS
    • Auto-bandwidth
    • Point-to-point LSP
    • Point-to-multipoint LSP
    • RSVP
      • Primary/secondary paths
      • Strict next-hop
      • Fast reroute
      • LSP optimization
      • Routing table integration options for TE
      • TED
    • LDP
      • Directly connected session
      • Targeted session
  • OSPFv2
    • Standard
    • Stub
    • NSSA
    • Traffic engineering
  • ISIS
    • Level 1
    • Level 2
    • Route leaking
    • TE Shortcuts
  • MP-BGP
    • family l2vpn
    • family inet
    • family inet-vpn
    • Route reflection
    • Export/import
    • Communities
  • PIM
    • Sparse mode
    • Static RP

And much more features like Inter-AS, virtual tunnels, etc.

The list of services created and successfully functioning in vMX is following:

  • [11] L2VPN-M – MPLS L2VPN Martini – RFC4906;
  • [12] L2VPN-K – MPLS L2VPN Kompella – RFC6624;
  • [21] VPLS-B – VPLS BGP signaling – RFC4761;
  • [22] VPLS-L – VPLS LDP signaling – RFC4762;
  • [31] L3VPN – MPLS L3VPN BGP – RFC4364;
  • [51] NG-MVPN – MPLS Next-generation Multicast VPN – RFC6513.


The lab at the moment looks such:

As shown above, not only the topologies are presented but lists of CLI commands which definitely should help to get hands dirty faster.

The start

I hope it’s needless to say about an importance to check that virtualization support is enabled because normally it resets within an export.


The first step after VM has been started and loaded till CLI prompt, is to set up an IP address to the management interface.

Click P device in UNL web-interface to get master logical system CLI and then:

From that moment you are able to use SSH and connect in specified logical system, with the following authentication pair:

An example, to get logical system PE4 CLI use “AdminPE4” username.
“Juniper1” is the password for every username in UNL Linux shell and web interface as well.

Authentication data:

Where Username Password
Linux shell root Juniper1
Web UI admin
vMX master system (P1) root or AdminP1
vMX logical systems Admin<LS-name>



NG-MVPN service requires the external source of multicast traffic. For such purpose, I would recommend use this free software.
P2 device has the interface connected to the same network as em0 (OOB) in a previous part, so all we need to do is set up the another one IP address from the network with your end station.

Execute the sender, enter address or and watch the flow.


Additional information

Some bugs detected and sometimes made me angry:

  • vMX can’t make more than 12 “GE” interfaces – 2 system, 10 are available to configure. That is why SP2 connections were made with LT interfaces;
  • IS-IS topology created as non-optimal intentionally. If you don’t get why such topology is wrong in real world – disable interface lt-0/0/0.310 at PE3 and watch how LSPs going down with almost empty TED;
  • Draft Rosen MVPN is not available in logical systems, but fortunately, that service is not discussed in JNCIP-SP exam;
  • EVPN is not available in logical systems, at least in vMX version 14.1, and this is sad even if the service is not discussed in the exam;
  • At the moment, the painful bug in UNL exists – the error with code 20003, which eventually delete a lab and only way to get it is to use text fields at WebUI.

I would recommend starting a work with such commands on P1:

“PROTO.log” is the file to collect a lot of informative system messages about links (up/down), ISIS, OSPF, LDP, RSPV, MPLS, BFD, PIM, BGP and few other.
In CLI, it is powered by these block of configuration:

Feel free to ask in comments how and why the things are as they are.

Notice: current lab can be shared in any way for academic and learning usage.
Diagrams or any presented elements cannot be used for financial benefit.
Please, respect all time I had spent to prepare and share all this with you.
Thank you.



  • Unetlab VM updated to release 1.0.0-6;
  • Lab IP addresses information in WebUI;
  • Login banner with an authentication policy explanation;
  • LSP priority;
  • “overload” statement deleted from P1 IS-IS;
  • “virtio” support had disabled for vMX, so fxp0 interface is available again;
  • other minor changes.