Showing posts with label JNCIP. Show all posts

Sunday, April 5, 2009

JNCIP part 6

The tricky JNCIP IBGP requirement:

  • You must configure at least three clusters and at least two route reflectors.

  • You must use physical address peering in at least one of your clusters.

  • The failure of any link must not break the route reflection topology.

  • The route reflection topology must not impose suboptimal routing or black holes.

  • Authentication and logging settings from the previous section must remain in effect.

The ebook indicates that r3 and r4 will be in different clusters because:

But placing both r3 and r4 in the same cluster would be a mistake in this case, because doing so will cause r3 and r4 to ignore updates that carry their common cluster ID. This will result in missing routes on one of the reflectors should a peering interface fail on one of the two route reflectors that serve clients r1 or r2, which would violate the redundancy aspects of your design requirements.


I'll show you why.

Suppose both r3 and r4 are in the same cluster, 1.1.1.1, and the r2-to-r4 interface is down.
r4's BGP peering to r2 and r1 is gone, so r1 and r2 send their BGP updates to r3 only, and r3 then reflects them to r4. When r4 receives the BGP update from r3, it does not accept it, because r3 and r4 are in the same cluster: the reflected update already carries r4's own cluster ID in its cluster list.


A Destination P Prf Metric 1 Metric 2 Next hop AS path
* 192.168.50.0/24 B 170 100 >10.0.2.9 I

iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

r4 will be missing the route. This result will score you 0 points.
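
The failure case described above, as an added example that is not from the original post or the ebook: a small Python model of the RFC 4456 CLUSTER_LIST check on r3 and r4. The second cluster ID 2.2.2.2 and the choice of r1 as the originating client are assumptions made for illustration.

```python
from dataclasses import dataclass, field

PREFIX = "192.168.50.0/24"  # prefix taken from the route output above


@dataclass
class Reflector:
    name: str
    cluster_id: str
    rib: dict = field(default_factory=dict)  # prefix -> list of (from, CLUSTER_LIST)

    def receive(self, prefix, sender, cluster_list):
        """Store a path unless our own cluster ID is already in its CLUSTER_LIST."""
        if self.cluster_id in cluster_list:
            return False  # RFC 4456 loop check: the update is ignored
        self.rib.setdefault(prefix, []).append((sender, list(cluster_list)))
        return True

    def reflect(self, cluster_list):
        """A reflector prepends its cluster ID before passing a route on."""
        return [self.cluster_id] + list(cluster_list)


def r4_has_route(r3_cluster, r4_cluster, r4_client_sessions_up):
    """Model one client route reaching r4 directly and/or by reflection from r3."""
    r3 = Reflector("r3", r3_cluster)
    r4 = Reflector("r4", r4_cluster)
    # The client (assumed: r1) advertises to every reflector it still peers with.
    r3.receive(PREFIX, "r1", [])
    if r4_client_sessions_up:
        r4.receive(PREFIX, "r1", [])
    # r3 reflects the client route to its non-client IBGP peer r4.
    r4.receive(PREFIX, "r3", r3.reflect([]))
    return PREFIX in r4.rib


if __name__ == "__main__":
    cases = [
        ("same cluster, all sessions up", "1.1.1.1", "1.1.1.1", True),
        ("same cluster, r4 lost its client sessions", "1.1.1.1", "1.1.1.1", False),
        ("separate clusters, r4 lost its client sessions", "1.1.1.1", "2.2.2.2", False),
    ]
    for label, c3, c4, up in cases:
        print(f"{label}: r4 has {PREFIX} = {r4_has_route(c3, c4, up)}")
```

Only the middle case leaves r4 without the route, which is the outcome the ebook warns about.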

Tuesday, March 31, 2009

JNCIP part 5

For the JNCIP IBGP case study, we will look at each requirement:

  • Redistribute the static routes shown earlier in Figure 5.7 into IBGP, and using communities, ensure that all routers prefer r2's 192.168.100/24 IBGP route. You must not alter the default local preference of this route

Both R1 and R2 will advertise 192.168.100/24 to their BGP peers, and R2 must be the primary without changing Local-P. First of all, which BGP attributes can we use?

1. No weight here; it's Junos, not IOS. Forget it.
2. No Local-P. The requirement says we can't change Local-P.
3. AS path. The IBGP update will not change the AS path.
4. Origin code. The JNCIP ebook didn't do it this way, but I do.

policy-statement ibgp-exp {
    term 1 {
        from protocol static;
        then {
            metric 111;
            origin incomplete;
            accept;
        }
    }
}

Neither R3 nor R4 will select R1's route as the best route for 192.168.100/24.
On R3:
192.168.100.0/24   *[BGP/170] 00:00:10, localpref 100
                      AS path: I
                    > to 10.0.4.2 via fe-0/1/0.23
                    [BGP/170] 00:00:10, localpref 100, from 10.0.3.4
                      AS path: I
                    > to 10.0.4.2 via fe-0/1/0.23
                    [BGP/170] 02:59:50, MED 111, localpref 100
                      AS path: ?
                    > to 10.0.4.14 via fe-0/1/2.13

So, it works for me!

Thursday, March 26, 2009

JNCIP eBook update @ page 553

There is a typo on page 553 of the JNCIP ebook.

The old request:
"Do not accept any default routes or RFC 1918 routes from EBGP peers"

The updated request:
"Do not accept any default routes or RFC 1918 routes from *Customer* EBGP peers"

Sunday, March 8, 2009

JNCIP part 1

After the SP lab, I will move on to JNCIP. The difference between SP and JNCIP is multicast: there is no multicast in JNCIP, and only a little bit of QoS.

The best book for the JNCIP exam is, of course, the Sybex JNCIP study guide.

It has 6 chapters. We start from Ch. 1, the initial config. I don't know the test network for the exam, but one thing is certain: the console server. Juniper doesn't have any product that functions like the Cisco 2509 or 2511, so the terminal server is connected to the router console port. Make sure you know how to clear the line and how to exit from the line.

OoB is also different from Cisco. The Cisco 2500, 2600 and 3600 series routers don't support an OoB interface, while fxp0 acts as the OoB interface on a Juniper router. The no-readvertise option on a static route keeps that route from being advertised into any routing protocol.

Accounts: if you don't want to control accounts centrally, the local user account controls what you can do in Junos. Root is just like the FreeBSD root user. On a router's first boot, you need to change the root password before you can move on. There is also an ops account for operators' daily checks and monitoring.

SNMP/NTP: in a modern NOC, SNMP is needed by default. Interface usage and link-down traps are sent by SNMP. Specify which clients can query this router and which cannot.