Advanced Juniper Networks

Routing in the Enterprise

8.a

Lab Diagrams

1194 North Mathilda Avenue

Sunnyvale, CA 94089
USA
408-745-2000
www.juniper.net
Course Number: EDU-JUN-AJRE

Juniper Networks, the Juniper Networks logo, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other
countries. JUNOS and JUNOSe are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks
are the property of their respective owners.
Advanced Juniper Networks Routing in the Enterprise Lab Diagrams, Revision 8.a
Copyright 2006, Juniper Networks, Inc.
All rights reserved. Printed in USA.
Revision History:
Revision 8.aDecember 2006
The information in this document is current as of the date listed above.

od
uc
t

io
n

The information in this document has been carefully verified and is believed to be accurate for software Release 8.0R2. Juniper Networks assumes no
responsibilities for any inaccuracies that may appear in this document. In no event will Juniper Networks be liable for direct, indirect, special, exemplary,
incidental or consequential damages resulting from any defect or omission in this document, even if advised of the possibility of such damages.

Juniper Networks reserves the right to change, modify, transfer or otherwise revise this publication without notice.
YEAR 2000 NOTICE

Juniper Networks hardware and software products do not suffer from Year 2000 problems and hence are Year 2000 compliant. The JUNOS software has no
known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
SOFTWARE LICENSE

ep
r

The terms and conditions for using this software are described in the software license contained in the acknowledgment to your purchase order or, to the extent
applicable, to any reseller agreement or end-user purchase agreement executed between you and Juniper Networks. By using this software, you indicate that you
understand and agree to be bound by those terms and conditions.

ot

Fo
rR

Generally speaking, the software license restricts the manner in which you are permitted to use the software and may contain prohibitions against certain uses.
The software license may state conditions under which the license is automatically terminated. You should consult the license for further details.

ot

Copyright 2005 Juniper Networks, Inc.

NOTE: These are all implemented as

virtual router routing instances on
Sydney. You can log in to Sydney
and use it as a route server to examine
routing tables and execute ping and
traceroute for each of these virtual
routers. See your lab guide for more
details.

AS 65010

ISP A

AS 65020

ISP B

od
uc
t

ep
r

Fo
rR

The Internet in the Lab

Proprietary and Confidential

io
n

AS 65030

ISP C

www.juniper.net

ot

isp-b

isp-c

od
uc
t

Proprietary and Confidential

Routing Protocols

Routing Protocols

Routing Protocols

Copyright 2005 Juniper Networks, Inc.

Interfaces

Interfaces

Interfaces

io
n

www.juniper.net

Routing Table (isp-a.*) Routing Table (isp-b.*) Routing Table (isp-c.*)

isp-a

ep
r

Routing Protocols

Interfaces

Routing Table (*)

(master)

Fo
rR

The Internet in the Lab

ot

Copyright 2005 Juniper Networks, Inc.

AS 65010

ISP A

od
uc
t

io
n

AS 65030

ISP C

Proprietary and Confidential

instructor@Sydney> show configuration routing-instances isp-a

instance-type virtual-router;
interface fe-2/0/1.15;
interface fe-2/0/1.16;
interface lo0.1;
ISP B
routing-options {
AS 65020
aggregate {
route 172.17.32.0/21;
}
router-id 172.17.32.1;
autonomous-system 65010;
}
protocols {
bgp {
group full-route-customers {
neighbor 172.17.39.18 {
description "HongKong to isp-a";
peer-as 65108;
}
}
[...]

ep
r

traceroute routing-instance isp-a

show route table isp-a

Fo
rR

ping routing-instance isp-a

The Internet in the Lab

www.juniper.net

ot

0
0/
/
-1
se

se1/0
/1

Copyright 2005 Juniper Networks, Inc.

AS 65108

lo0: 8.1, 8.254

Hong Kong

AS 65010

ISP A

lo0: 9.1, 9.254

Tokyo

AS 65109

Loopback addresses: 10.14.y.z

201

101

103

108
208

203

AS 65115

lo0: 15.1, 15.254

Sao Paulo

se-1/0/0

202
102

107

104

Frame Relay
Network

io
n
AS 65114

lo0: 14.1, 14.254

Denver

se 1/0
/1

1
/0/
1
e
s

www.juniper.net

AS 65113

lo0: 13.1, 13.254

San Jose

AS 65030

ISP C

lo0: 12.1, 12.254

Montreal

AS 65112

Proprietary and Confidential

se-1/0/1

207

206

205

106

105

204

se-1/0/0

lo0: 11.1, 11.254

Amsterdam

AS 65111

od
uc
t

ep
r

Fo
rR

se-1/0/0

lo0: 10.1, 10.254

London

AS 65110

Lab 1a: Policy

ot

se1
.2 /0/1

Copyright 2005 Juniper Networks, Inc.

lo0: 8.1, 8.254

0
0/
/
-1
se
Hong Kong .1

lo0: 9.1, 9.254

Tokyo

Serial addresses: 192.168.25.x/30

Loopback addresses: 10.14.y.z

601

602

608

lo0: 15.1, 15.254

Sao Paulo

.14
se-1/0/0

603

Amsterdam

Frame Relay
Network

Denver

se -

1/0
/1
.10

1
/0/
se-1
.9

Montreal

www.juniper.net

lo0: 13.1, 13.254

San Jose

lo0: 12.1, 12.254

Proprietary and Confidential

io
n
.13
se-1/0/1

606

605

lo0: 14.1, 14.254

607

604

se-1/0/0
.6

lo0: 11.1, 11.254

od
uc
t

ep
r

Fo
rR

se-1/0/0
.5

lo0: 10.1, 10.254

London

Lab 1b: Policy

ot

.236

Hong Kong

AS 65240

lo0: 10.14.243.255

.238

Copyright 2005 Juniper Networks, Inc.

lo0: 10.14.243.253

Group A

All fe-2/0/1
VLAN 240
10.14.243.x/28

.237

lo0: 10.14.243.254

Tokyo

.238

lo0: 10.14.255.254

Sao Paulo .237

se-1/0/0

0
0/
/
-1
se

se
-1/
0/
1

se-1/0/0

lo0: 10.14.247.255

London

Group B
.236

lo0: 10.14.247.253

lo0: 10.14.255.253

Group D

.236

All fe-2/0/1
VLAN 252
10.14.255.x/28

AS 65252

.238

.237

Amsterdam

lo0: 10.14.255.255

.237

All fe-2/0/1
VLAN 248
10.14.251.x/28

.238

AS 65248

lo0: 10.14.251.254

Proprietary and Confidential

io
n
se-1/0/1

Denver

Montreal
lo0: 10.14.251.255

se-1/0/1 San Jose

se-1/0/1

se-1/0/0

lo0: 10.14.247.254

od
uc
t
AS 65030

ISP C

AS 65010

ISP A

ep
r

AS 65244

All fe-2/0/1
VLAN 244
10.14.247.x/28

Fo
rR

Lab 2: BGP Routing

Group C

www.juniper.net

.236

lo0: 10.14.251.253

ot

/0/1

Hong Kong se-1 30

4/
lo0: 192.168.25.1 8.1
lo0: 192.168.25.6

lo0: 192.168. 25.7

Denver

Copyright 2005 Juniper Networks, Inc.

/1
/0
0
fe .10
8

lo0: 192.168.25.8

10.1/26

Sao Paulo fe-2/0/1

od
uc
t
fe-2/0/1
8.65/27

se-1/0/1
8.18/30 Amsterdam
lo0: 192.168.25.4

London
lo0: 192.168.25.3

www.juniper.net

fe-2/0/1
Tokyo
11.129/27 lo0: 192.168.25.2

fe-2/0/1
11.1/27

VLAN 105

Proprietary and Confidential

io
n

fe-2/0/0
Montreal se-1/0/0
8.2/30 lo0: 192.168.25.5 8.17/30
/1
/0 .9
0
- 8
fe

ep
r

8.1/30

San Jose fe-2/0/0

ISP A

se-1/0/0
8.21/30

Clocking Mode = Internal (provide serial interface timing)

VLAN 101

se-1/0/0
8.13/30

fe
17 -2/0
2
.1 /1 V
7
.
38 LA
.2 N
0
/2 16
9

Fo
rR

Interface addresses: 10.14.x.y (except as noted)

Loopback addresses: 192.168.25.x/32

fe
11 -2/0
.
6
5/2 /1
7

Lab 3a: IGP Conversion

VLAN 103

se-1/0/1
8.22/30

fe-0/0/1
8.30/30

/1
2/0 27
fe 5 /
9.6

VLAN 104

1
0/
0/ 30
fe .5/
8

VLAN 100

/0
/0 0
2
3
fe 8.6/

se-1/0/1
8.25/30
se-1/0/0
8.26/30

15
9
N
A 0/2
L
2
V 7.
1
0/ 7.3
/
-2 1
fe 72.
1

fe-0/0/1
8.29/30

VLAN 102

ot

Hong Kong se-1 30

4/
lo0: 192.168.25.1 8.1

/0/1

Area 1
10.14.9.0/24
lo0: 192.168.25.6

ep
r

Denver

Copyright 2005 Juniper Networks, Inc.

od
uc
t
lo0: 192.168.25.8

10.1/26

Sao Paulo fe-2/0/1

Area 2
10.14.10.0/24

fe-2/0/1
lo0: 192.168. 25.7 10.65/27

/1
/0
0
fe .10
8

se-1/0/1
8.18/30 Amsterdam
lo0: 192.168.25.4

Area 3
10.14.11.0/24

London
lo0: 192.168.25.3

www.juniper.net

fe-2/0/1
Tokyo
11.129/27 lo0: 192.168.25.2

fe-2/0/1
11.1/27

VLAN 105

Proprietary and Confidential

io
n

fe-2/0/0
Montreal se-1/0/0
8.1/30
8.2/30 lo0: 192.168.25.5 8.17/30
/1
/0 .9
0
Area 0
- 8
fe

San Jose fe-2/0/0

Clocking Mode = Internal (provide serial interface timing)

VLAN 101

se-1/0/0
8.13/30

fe
17 -2/0
2
.1 /1 V
7
.
38 LA
.2 N
0
/2 16
9

Fo
rR
ISP A

fe
11 -2/0
.
6
5/2 /1
7

Interface addresses: 10.14.x.y (except as noted)

Loopback addresses: 192.168.25.x/32

se-1/0/0
8.21/30
se-1/0/1
8.22/30

1
0/
0/ 30
fe .5/
8

VLAN 104

/1
2/0 27
fe 5 /
9.6

fe-0/0/1
8.30/30

Lab 3b: IGP Conversion

/0
/0 0
2
3
fe 8.6/

VLAN 100

VLAN 103

se-1/0/1
8.25/30
se-1/0/0
8.26/30

15
9
N
A 0/2
L
2
V 7.
1
0/ 7.3
/
-2 1
fe 72.
1

fe-0/0/1
8.29/30

VLAN 102

ot

Hong Kong se-1 30

4/
lo0: 192.168.25.1 8.1

/0/1

Area 1
10.14.9.0/24
lo0: 192.168.25.6

Denver

Copyright 2005 Juniper Networks, Inc.

od
uc
t
lo0: 192.168.25.8

10.1/26

Sao Paulo fe-2/0/1

Area 2
10.14.10.0/24

fe-2/0/1
lo0: 192.168. 25.7 10.65/27

/1
/0
0
fe .10
8

se-1/0/1
8.18/30 Amsterdam
lo0: 192.168.25.4

Area 3
10.14.11.0/24

London
lo0: 192.168.25.3

www.juniper.net

fe-2/0/1
Tokyo
11.129/27 lo0: 192.168.25.2

fe-2/0/1
11.1/27

VLAN 105

Proprietary and Confidential

io
n

fe-2/0/0
Montreal se-1/0/0
8.1/30
8.2/30 lo0: 192.168.25.5 8.17/30
/1
/0 .9
0
Area 0
- 8
fe

San Jose fe-2/0/0

fe
17 -2/0
2
.1 /1 V
7
.
38 LA
.2 N
0
/2 16
9

Clocking Mode = Internal (provide serial interface timing)

VLAN 101

se-1/0/0
8.13/30

ep
r

Fo
rR
ISP A

fe
11 -2/0
.
6
5/2 /1
7

Interface addresses: 10.14.x.y (except as noted)

Loopback addresses: 192.168.25.x/32

se-1/0/0
8.21/30
se-1/0/1
8.22/30

1
0/
0/ 30
fe .5/
8

VLAN 104

/1
2/0 27
fe 5 /
9.6

fe-0/0/1
8.30/30

Lab 4a: CRTP

/0
/0 0
2
3
fe 8.6/

VLAN 100

VLAN 103

se-1/0/1
8.25/30
se-1/0/0
8.26/30

15
9
N
A 0/2
L
2
V 7.
1
0/ 7.3
/
-2 1
fe 72.
1

fe-0/0/1
8.29/30

VLAN 102

ot

se-1/0/0
/0/1
Hong Kong se-1 30
4/
lo0: 192.168.25.1 8.1

Area 1
10.14.9.0/24
lo0: 192.168.25.6

San Jose

Denver

Copyright 2005 Juniper Networks, Inc.

od
uc
t
lo0: 192.168.25.8

10.1/26

Sao Paulo fe-2/0/1

Area 2
10.14.10.0/24

fe-2/0/1
lo0: 192.168. 25.7 10.65/27

/1
/0
0
fe .10
8

ep
r

fe-2/0/0
8.1/30

se-1/0/0
se-1/0/1
8.18/30 Amsterdam
lo0: 192.168.25.4

Area 3
10.14.11.0/24

London
lo0: 192.168.25.3

www.juniper.net

fe-2/0/1
Tokyo
11.129/27 lo0: 192.168.25.2

fe-2/0/1
11.1/27

VLAN 105

Proprietary and Confidential

io
n

se-1/0/0
fe-2/0/0
Montreal se-10/1
8.2/30 lo0: 192.168.25.5 8.17/30
/1
/0 .9
0
Area 0
- 8
fe

ISP A

Clocking Mode = Internal (provide serial interface timing)

VLAN 101

se-1/0/0
se-1/0/1
8.13/30

fe
17 -2/0
2
.1 /1 V
7
.
38 LA
.2 N
0
/2 16
7

Fo
rR

Interface addresses: 10.14.x.y (except as noted)

Loopback addresses: 192.168.25.x/32

/1
2/0 27
fe 5 /
9.6

VLAN 104

1
0/
0/ 30
fe .5/
8

se-1/0/0
se-1/0/1
8.21/30
se-1/0/0
se-1/0/1
8.22/30

fe
11 -2/0
.
6
5/2 /1
7

Lab 4b: Multilink PPP

/0
/0 0
2
3
fe 8.6/

VLAN 100

VLAN 103

se-1/0/0
se-1/0/1
8.26/30

15
7
N
A 0/2
L
2
V 7.
1
0/ 7.3
/
-2 1
fe 72.
1

fe-0/0/1
8.30/30

fe-0/0/1
8.29/30
se-1/0/0
se-1/0/1
8.25/30

VLAN 102

ot

0
0/
/
-1
se

se1/0
/1

Copyright 2005 Juniper Networks, Inc.

AS 65108

lo0: 8.1, 8.254

Hong Kong

AS 65010

ISP A

lo0: 9.1, 9.254

Tokyo

AS 65109

Loopback addresses: 10.14.y.z

201

101

102

108
208

203

AS 65115

lo0: 15.1, 15.254

Sao Paulo

se-1/0/0

202

103

107

104

Frame Relay
Network

io
n
AS 65114

lo0: 14.1, 14.254

Denver

se 1/0
/1

1
/0/
1
e
s

www.juniper.net

AS 65113

lo0: 13.1, 13.254

San Jose

AS 65030

ISP C

lo0: 12.1, 12.254

Montreal

AS 65112

Proprietary and Confidential

se-1/0/1

207

206

205

106

105

204

se-1/0/0

lo0: 11.1, 11.254

Amsterdam

AS 65111

od
uc
t

ep
r

Fo
rR

se-1/0/0

lo0: 10.1, 10.254

London

AS 65110

Lab 5a: Firewall Policy and NAT

ot

Copyright 2005 Juniper Networks, Inc.

X Values
Hong Kong=200
Tokyo=201
London=202
Amsterdam=203
Montreal=204
San Jose=205
Denver=206
Sao Paulo=207

X.2/24

od
uc
t

ep
r

fe-2/0/1 Hong Kong

X.1/24

VLAN X

Fo
rR

Hong Kong VR fe-2/0/1

Fast Ethernet addresses: 192.168.x.z

Loopback addresses: 10.14.y.z

Internet

Proprietary and Confidential

io
n

Lab 5b: Firewall Policy and NAT

www.juniper.net

ot

lo0: 8.1, 8.254

Copyright 2005 Juniper Networks, Inc.

Hong Kong

192.168.200.2

lo0: 9.1, 9.254

192.168.201.2

HongKong-vr

Tokyo

Tokyo-vr

Loopback addresses: 10.14.y.z

VR Fast Ethernet addresses: 192.168.x.z/24
(See Lab 5b for more VR configuration.)
London

Denver

Denver-vr
192.168.206.2

192.168.207.2

lo0: 14.1,14.254

od
uc
t

lo0: 11.1,11.254

Amsterdam

192.168.203.2

Amsterdam-vr

SaoPaulo-vr

lo0: 15.1,15.254

Sao Paulo

lo0: 10.1,10.254

Internet

ep
r

Fo
rR
192.168.202.2

London-vr

Lab 6: IPSec VPNs

www.juniper.net

192.168.205.2

Proprietary and Confidential

io
n

SanJose-vr
San Jose

192.168.204.2

lo0: 13.1,13.254

Montreal-vr

Montreal
lo0: 12.1,12.254

ot

lo0: 8.1, 8.254

Copyright 2005 Juniper Networks, Inc.

Hong Kong

200.2, 200.254

lo0: 9.1, 9.254

201.2, 201.254

HongKong-vr

Tokyo

Tokyo-vr

Loopback addresses: 10.14.y.z

VR Fast Ethernet addresses: 192.168.x.z/24
(See Lab 5b for more VR configuration.)

Lab 7: CoS
London

Denver

Denver-vr
206.2, 206.254

207.2, 207.254

lo0: 14.1,14.254

od
uc
t
Internet

lo0: 11.1,11.254

Amsterdam

203.2, 203.254

Amsterdam-vr

SaoPaulo-vr

lo0: 15.1,15.254

Sao Paulo

lo0: 10.1,10.254

ep
r

Fo
rR
202.2, 202.254

London-vr

www.juniper.net

205.2, 205.254

Proprietary and Confidential

io
n

SanJose-vr
San Jose

204.2, 204.254

lo0: 13.1,13.254

Montreal-vr

Montreal
lo0: 12.1,12.254

ot

Copyright 2005 Juniper Networks, Inc.

Serial Interface and DLCI

(See Lab 1b diagram for
interface, DLCI, and IP
address assignments.)

Frame Relay

Fast Ethernet Addresses: 172.17.x.y/29

Provider Gateway: 172.17.x.z

ISP A

lo0

192.168.200.1,.254

192.168.201.1, .254

192.168.202.1, .254

192.168.203.1, .254

192.168.204.1, .254

192.168.205.1, .254
192.168.206.1, .254
192.168.207.1, .254

Router
Hong Kong
Tokyo
London
Amsterdam
Montreal
San Jose
Denver
Sao Paulo

17

15

13

11

37.25

37.17

37.9

37.1

www.juniper.net

Provider GW (x.z)

Proprietary and Confidential

37.28

37.20

37.12

37.4

fe-2/0/1 (x.y)

io
n

VLAN (w)

od
uc
t

ep
r

VLAN w

Hong Kong fe-2/0/1

Tokyo

Fo
rR

Lab 8a: Branch Office Connectivity

ot

VLAN w

fe-2/0/1

192.168.200.1,.254
192.168.201.1, .254
192.168.202.1, .254
192.168.203.1, .254
192.168.204.1, .254
192.168.205.1, .254
192.168.206.1, .254
192.168.207.1, .254

Hong Kong

Tokyo

London

Amsterdam

Montreal

San Jose

Denver

Sao Paulo

Copyright 2005 Juniper Networks, Inc.

lo0

Router

(VPN)

.142

.141

.138

.137

.134

.133

.130

.129

gr0 (v)

18

17

16

15

14

13

12

11

38.28

37.28

38.20

37.20

38.12

37.12

38.4

37.4

Proprietary and Confidential

38.25

37.25

38.17

37.17

38.9

37.9

38.1

37.1

Provider GW (x.z)

io
n

fe-2/0/1 (x.y)

od
uc
t

ISP A

VLAN (w)

ep
r

Fo
rR

VLAN w

Hong Kong fe-2/0/1

Tokyo

Fast Ethernet Addresses: 172.17.x.y/29

Provider Gateway: 172.17.x.z
gr-0/0/0.0 address: 192.168.25.v/30

Lab 8b: Branch Office Connectivity

www.juniper.net

ot

192.168.200.1,.254

192.168.201.1, .254

192.168.202.1, .254

192.168.203.1, .254

192.168.204.1, .254

192.168.205.1, .254

192.168.206.1, .254

192.168.207.1, .254

Hong Kong

Tokyo

London

Amsterdam

Montreal

San Jose

Denver

Sao Paulo

604

604

603

603

602

602

601

601

L2VPN
VLAN (t)

.14

.13

.10

.9

.6

.5

.2

.1

L2VPN (v)

(VPN)

.142

.141

.138

.137

.134

.133

.130

.129

18

17

16

15

14

13

12

11

38.4

37.4

fe-2/0/1 (x.y)

38.25

37.25

38.17

37.17

38.9

37.9

38.1

37.1

www.juniper.net

Provider GW (x.z)

Proprietary and Confidential

38.28

37.28

38.20

37.20

38.12

37.12

io
n

VLAN (w)

ISP A

od
uc
t
gr0 (v)

ep
r

VLAN w

fe-2/0/1

HongKong fe-2/0/1

Tokyo

lo0

Copyright 2005 Juniper Networks, Inc.

VLAN w

Fo
rR

Router

fe-2/0/1

fe-2/0/1

Fast Ethernet Addresses: 172.17.x.y/29

Provider Gateway: 172.17.x.z
gr-0/0/0.0 and L2 VPN address: 192.168.25.v/30

Lab 8c: Branch Office Connectivity

VLAN t