Saturday, February 16, 2013

MPLS and Vlans - ma favorite

Basics



IGP.
So we learned in the routing part that you can route traffic.
The traffic being routed will take the best path.
For RIP (hop count) it will be 1-2-3-6-8-www, even though this is the most expensive path (cost 8).
For OSPF and ISIS it will be 1-2-4-5-6-8-www, which is the least expensive (cost 6).

So we pick one, and what will happen is that all the traffic will mainly flow on that route.
So routers 3 and 7 are underutilized.

The goal of a good IT budgeting department is always to maximize the utilization of devices.
That way you don't have to upgrade as much.

Let's say you upgrade link 3-6 so now the cost is 1. Well then routers 4-5-7 will be underutilized.
So you just moved the problem around.



OK, back in 2K we had a network called ATM,
Asynchronous Transfer Mode.

Very complex, however it allowed each node to carry statistics on the data travelling on it.
It also allowed the routes or connections to change if links along the way were being saturated.
For example if 8 to 9 was congested, a bit would be sent back along the route
and the virtual connection would switch to 6-7-9, until the original route was no longer congested.

The downside of the above ATM was you needed to hire
an ATM expert and an IP expert, as each was similar but very different.

The second downside was that ATM cells (packets) had a fixed size.
This is similar to a train car.
So if the TCP packet was an Acknowledge (ie 2 people) then the rest of the train car
was pretty empty. You still needed a train to pull the car along (headers).

The third one was that the number of links between devices was very large, as you required
a full mesh to leverage it.

The same problem happens with Frame-Relay which is another technology from 2K.

So in comes the solution in the name of MPLS.
Since Ethernet is cheaper and IP more abundant,
MPLS is seen as the wave of the future.

In general MPLS is considered the forwarding infrastructure.

So in MPLS, instead of doing long IP lookups, they use short labels.
A label is pushed on the packet.
The MPLS service provider now uses short labels to decide where to send the traffic.
The last or penultimate device will pop the label.

Notice how this is similar to the QinQ idea.



Let's move on, an MPLS header is composed of four fields: Label, CoS, Bottom of Stack and TTL.

The Label is easy.
The CoS was a nice idea but nobody uses it.
Bottom of Stack is for when you want to stack a label inside a stack.
The limit is three at ingress and unlimited at transit.

TTL is intelligently copied from the IP packet and then at every hop is decremented by the MPLS routers.

Reserved labels are 0-15:
0-3 have some guidelines on popping.
4-15 are reserved for future use.

The database for MPLS is called the LIB,
Label Information Base.
It is stored in a table called mpls.0
When this table is created it automatically creates labels:
1. Label 0   IPv4 null
2. Label 1   Router Alert
3. Label 2   IPv6 null

The table itself will have the following structure.

user@host> show route table mpls
mpls.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0                  *[MPLS/0] 00:13:55, metric 1
                      Receive
1                  *[MPLS/0] 00:13:55, metric 1
                      Receive
2                  *[MPLS/0] 00:13:55, metric 1
                      Receive
1024               *[VPN/0] 00:04:18
                      to table red.inet.0, Pop



So in the above case, in will come some packet with an MPLS label of 1024
and the action on it will be POP.


1024               *[MPLS/6] 00:04:18,metric 1
                      to 172.16.0.1   via  xe-0/0/1.0 , SWAP  3000

The above is a similar idea, but this time the action is to replace label 1024 with label 3000 (SWAP).


MPLS Terminology


LER is the edge - it will take IP and push a label on it.
LSR is in the middle - it switches on the labels.
LSP is the path from one LER to the other LER.

An LSR will swap labels from one to the next LSR.
There is a limit of 253 transit routers due to the 8-bit size of the TTL.

PHP, penultimate hop popping, means that router 7 will POP the last MPLS label
so the egress router simply has to route based on longest IP match.
The egress router is also called the tail-end router.

set interfaces ge-0/0/0 unit 0 family inet address 172.16.0.1/30
set interfaces ge-0/0/0 unit 0 family mpls

If you add family mpls the interface can now process MPLS labels.

In addition you have to tell the MPLS protocol which interfaces are participating:
#set protocols mpls interface ge-0/0/0.0


So on router 1
#set protocols mpls static-label-switched-path LSP_NAME ingress next-hop interface ge-0/0/2
#set protocols mpls static-label-switched-path LSP_NAME ingress to 172.17.0.1   (the egress)
#set protocols mpls static-label-switched-path LSP_NAME ingress push label007


The next-hop is the interface to the next router.
The egress is the last router.

The label will be pushed on it before leaving.


On router 2.
#set protocols mpls static-label-switched-path LSP_NAME transit label007 next-hop interface 2
#set protocols mpls static-label-switched-path LSP_NAME transit label007 swap label008

The static-label-switched-path name should be unique.
Static label values go from 1,000,000 to 1,048,575.
A label 0 will tell the next router to POP the label.


On router 6, which is the one before router 7, we will set up

#set protocols mpls static-label-switched-path LSP_NAME transit label008 next-hop interface 2
#set protocols mpls static-label-switched-path LSP_NAME transit label008 swap 0

So now the SWAP 0 tells router 7 to POP the label and then send it on without a label.

So now the EGRESS router simply has no label and will use the IPv4 route table to route.


BGP and LSP
Apparently BGP will look at inet.3, where the LSPs are, in order to find a next-hop.
If it does not find it there, it will look at the regular inet.0.

So let's start with their example.
Two assumptions are made:
MPLS is preferred to regular routing as it is "faster".
The ISP might want to route the BGP traffic in a certain way that he feels like (traffic engineering).

R5 learns the prefix of site 2:
prefix 64.25.1   next-hop 189.19.200.1 (R6)
R5 advertises it to his iBGP neighbor R1.

Now R1 has a BGP route:
prefix 64.25.1   next-hop 189.19.200.1 (R6)

However R1 does not have that next-hop in its routing table inet.0,
so the route will say Unusable.
R1> show route 64.25.1/24 all   (this will be a hidden route, so we added "all" to see it;
hidden because it cannot be used.)
One resolution is to replace the next-hop with R5's loopback IP,
so
now R5 will replace the next-hop 189.19.200.1 with the next-hop 192.168.1.2 (loopback).

prefix 64.25.1   next-hop 192.168.1.2


From here R1 should be able to reach R5 using an IGP like OSPF.

So far so good, problem solved.
However we said we want to traffic engineer.
So we said when BGP looks up where to go it will consult table inet.3 first.

So on R1
R1#set protocols mpls static-label-switched-path my-bgp-lsp ingress next-hop 172.20.0.2
R1#set protocols mpls static-label-switched-path my-bgp-lsp ingress to 192.168.1.2
R1#set protocols mpls static-label-switched-path my-bgp-lsp ingress push 1000
The above is the ingress, with a next-hop of R2, a push label of 1000 and the egress being R5's lo0 (192.168.1.2).

So on router R2
R2#set protocols mpls static-label-switched-path my-bgp-lsp transit 1000 next-hop 172.30.0.2
R2#set protocols mpls static-label-switched-path my-bgp-lsp transit 1000 swap 2000
The above is simple: if you get label 1000, change it to 2000.

on R4
R4#set protocols mpls static-label-switched-path my-bgp-lsp transit 2000 next-hop 172.40.0.2
R4#set protocols mpls static-label-switched-path my-bgp-lsp transit 2000 pop
The one above is simple: if you get label 2000, pop it.

So basically we set up a shortcut or an LSP using the route of my choice from R1 to R5.

So now the BGP lookup goes.
R1> show route 192.168.1.2
192.168.1.2   OSPF/10

on inet.3 it will be
192.168.1.2      MPLS6/1 to    172.20.0.2  via  ge-0/0/6   PUSH 1000

So if you recall the BGP prefix that R5 published was.
prefix 64.25.1   next-hop   192.168.1.2

so now the next-hop is available
R1>show route 64.25.1.0/24
64.25.1.0            BGP/170            from 192.168.1.5
                         to 172.20.0.2  via ge-0/0/6   push 1000

So now R1 has our BGP route in the inet.0 table.
It is active.
So it will export it to SITE 1.

So now:
If the LSP is up, BGP will prefer it.
If the LSP is down, it will go back to using the IGP, which can lead it to 1-3-4-5 for example.



Summary
inet.0 will have the BGP route to the prefix using the LSP.
inet.3 will have the route to the BGP next-hop (the remote BGP router) using the LSP.

mpls.0 is used by the transit routers; they don't care and simply forward based on the label.

R2>show route table mpls.0
1000           mpls/6  to x via Ge    SWAP 2000


R4>show route table mpls.0
2000           mpls/6  to x via Ge    POP

**
Ping and traceroute become difficult to troubleshoot with an LSP.

Implicit Null is the default: R4 will POP.
Explicit Null says R4 will forward it with an MPLS label (label 0), which tells the egress to POP.
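As an added example (not from the original post), the Python below packs and unpacks the 32-bit MPLS header discussed earlier and then walks a packet through the R1-R2-R4-R5 LSP configured above, once with implicit null (R4 pops) and once with explicit null (R4 swaps to label 0 and R5 pops). The router names, labels and the 192.168.1.2 next-hop are the post's; the table layout and the forward() function are assumptions of this example.

```python
# Added example (not from the original post): pack and unpack the 32-bit MPLS
# shim header (label, CoS/EXP, bottom-of-stack, TTL), then walk a packet
# through the static LSP R1 -> R2 -> R4 -> R5 exactly as the post's set
# commands build it (push 1000, swap 1000->2000, pop). Router names, labels
# and the next-hop 192.168.1.2 are the post's; the table layout and the
# forward() walk are this example's own construction.
import struct

IPV4_EXPLICIT_NULL = 0   # reserved label: receiver pops it, then routes on IP


def encode_entry(label, exp=0, bos=True, ttl=255):
    """Pack one label stack entry: label(20) | EXP(3) | S(1) | TTL(8)."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label %d does not fit in 20 bits" % label)
    word = (label << 12) | ((exp & 0x7) << 9) | (int(bos) << 8) | (ttl & 0xFF)
    return struct.pack("!I", word)


def decode_entry(data):
    """Unpack a 4-byte entry into (label, exp, bottom_of_stack, ttl)."""
    (word,) = struct.unpack("!I", data[:4])
    return word >> 12, (word >> 9) & 0x7, bool((word >> 8) & 1), word & 0xFF


# Implicit null (the default): R4, the penultimate hop, pops the label.
ROUTERS = {
    "R1": {"inet.3": {"192.168.1.2": ("push", 1000, "R2")}, "mpls.0": {}},
    "R2": {"inet.3": {}, "mpls.0": {1000: ("swap", 2000, "R4")}},
    "R4": {"inet.3": {}, "mpls.0": {2000: ("pop", None, "R5")}},
    "R5": {"inet.3": {}, "mpls.0": {}},
}

# Explicit null: R4 swaps to label 0 and the egress R5 does the pop itself.
ROUTERS_EXPLICIT_NULL = {
    "R1": ROUTERS["R1"], "R2": ROUTERS["R2"],
    "R4": {"inet.3": {}, "mpls.0": {2000: ("swap", IPV4_EXPLICIT_NULL, "R5")}},
    "R5": {"inet.3": {}, "mpls.0": {IPV4_EXPLICIT_NULL: ("pop", None, None)}},
}


def forward(tables, ingress, bgp_next_hop, ip_ttl=64):
    """Return [(router, [labels on the stack after it acted]), ...]."""
    trace = []
    # Ingress: the BGP next-hop is resolved in inet.3 first, so the LSP wins.
    action, label, nxt = tables[ingress]["inet.3"][bgp_next_hop]
    stack = [encode_entry(label, bos=True, ttl=ip_ttl)]  # TTL copied from IP
    trace.append((ingress, [label]))
    router = nxt
    while stack and router:
        label, exp, bos, ttl = decode_entry(stack[0])
        if ttl <= 1:
            raise RuntimeError("MPLS TTL expired at %s" % router)
        ttl -= 1                              # every LSR decrements the TTL
        try:
            action, out_label, nxt = tables[router]["mpls.0"][label]
        except KeyError:
            raise RuntimeError("%s has no mpls.0 entry for %d" % (router, label))
        if action == "swap":
            stack[0] = encode_entry(out_label, exp, bos, ttl)
        else:                                 # "pop": strip the top entry
            stack.pop(0)
        trace.append((router, [decode_entry(e)[0] for e in stack]))
        router = nxt
    if router:
        trace.append((router, []))            # egress routes on the IPv4 table
    return trace
```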

(that was 1 chapter only 18 to go)

Label Distribution Protocols

RSVP
Resource Reservation Protocol.
Ingress R0 will send a PATH message. The message goes all the way to R5, the egress, following the IGP.

R5 will send a Resv (reserve resources for LSP) message back; this message includes the labels.
This will reserve resources.

Ingress R0 will send a PathTear message to delete the path. This is triggered by the sender or by a timeout.
This message travels DOWNSTREAM towards the egress.

Routers can send PathErr messages; these travel upstream towards the INGRESS.

ResvErr messages tell you about the Resv problem and go downstream towards the egress.

They all share a common header.
So let's see it in English.
R0 sends a Path to R5.
R5 sends a Resv message back to R0.
If anybody has a problem with the Resv they send out a ResvErr back to R5.
R5 sees there is a problem with the Resv,
so R5 sends a ResvTear.

So we are sending data. Suddenly there is a problem with the Path; R2 has a problem,
so he sends a PathErr to R0.
Now R0 knows the path sucks and sends a PathTear to remove the LSP.
Then R0 will send a new Path to R5,
so they can try again.

At least I hope that is the case.
The reservation of the path is soft, meaning if there is no Path refresh or Resv refresh,
then R1, R2, R4 will simply drop the reservation and move on.

Extensions. RSVP is more flexible, so it has some extensions.
Hello - the Hello is useful for rapid detection of failure.
Label Distribution - is useful for sending out the labels to the LSRs 1-2-4.


Let's look in detail.
Path extensions.
The Path will be signalled by the ingress.
In our case it will be

Path [R1 R2 R4 R5]
Each router on the way will remove himself and forward it on.
So at R2 the path will look like Path [R4 R5]
At R5 the path will look like Path [ ]
This tells R5 he has been selected as today's winner and will be the egress router.
Each of the routers above left a small piece of state saying: if a Resv comes back, reserve this hop.

Now R5 knows he needs to respond to the challenge by sending the Resv back.
Now R5 will distribute labels.
R4 will have  Label in 3000  Label out POP
R2 will have  Label in 2000  Label out 3000
R1 will have  Label in 1000  Label out 2000
R0, which is the ingress, will have  Label out 1000
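Added example, not part of the original post: a small Python simulation of the Path/Resv exchange just described, where each hop removes itself from the ERO on the way down and hands its incoming label upstream on the way back, plus the soft-state timeout. The ERO, hop names and labels 1000/2000/3000/POP are the post's; the per-router label pool and the message structures are assumptions of this example.

```python
# Added example (not from the original post): simulate RSVP-TE Path going
# downstream along the ERO [R1 R2 R4 R5] and Resv coming back upstream with
# the labels the post lists. Each router's label pool (1000/2000/3000) and
# the dict used as Path soft state are assumptions made for this example.

POP = "POP"   # what the egress hands its upstream neighbour (implicit null)


class Router:
    def __init__(self, name, label_pool=()):
        self.name = name
        self.label_pool = list(label_pool)  # labels this router may allocate
        self.path_state = None              # soft state left by the Path
        self.label_in = None                # label we expect to receive
        self.label_out = None               # label (or POP) we apply

    def recv_path(self, ero, phop):
        """Path message: remove ourselves from the ERO, keep soft state."""
        if not ero or ero[0] != self.name:
            raise RuntimeError("%s is not at the head of ERO %r" % (self.name, ero))
        self.path_state = {"phop": phop, "refreshed": True}
        return ero[1:]                      # what we forward downstream

    def recv_resv(self, downstream_label):
        """Resv message: take downstream's label, allocate our own."""
        if self.path_state is None:
            raise RuntimeError("%s: Resv without Path state" % self.name)
        self.label_out = downstream_label
        self.label_in = self.label_pool.pop(0)
        return self.label_in                # what we send upstream (phop)

    def refresh_timeout(self):
        """Soft state: first timer expiry marks, second one drops it."""
        if self.path_state and not self.path_state["refreshed"]:
            self.path_tear()
            return True
        if self.path_state:
            self.path_state["refreshed"] = False
        return False

    def path_tear(self):
        """PathTear (or ResvTear): forget the reservation and its labels."""
        self.path_state = self.label_in = self.label_out = None


def build_routers():
    # R5 is the egress and allocates nothing; it signals POP upstream.
    return {"R1": Router("R1", [1000]), "R2": Router("R2", [2000]),
            "R4": Router("R4", [3000]), "R5": Router("R5")}


def signal_lsp(routers, ingress, ero):
    """Send Path down the ERO, Resv back up; return the ingress push label."""
    visited, phop = [], ingress
    for hop in list(ero):
        ero = routers[hop].recv_path(ero, phop)   # each hop removes itself
        visited.append(hop)
        phop = hop
    if ero:
        raise RuntimeError("ERO not empty at egress: %r" % ero)
    label = POP                                # egress answers with Resv(POP)
    for hop in reversed(visited[:-1]):         # R4, then R2, then R1
        label = routers[hop].recv_resv(label)
    return label                               # R0 pushes this label


def label_table(routers):
    """The 'Label in / Label out' view from the post."""
    return {n: (r.label_in, r.label_out) for n, r in routers.items()}
```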

Okay, the diagrams above show:
A Path gets an error,
then a PathErr is sent back to the ingress,
so it sends the PathErr upstream.
(I added the arrows to make it clearer)

The egress sends a Resv, then R4 says it can't
and sends back a ResvErr.
It sends it downstream.

The ingress will generate a PathTear
and the egress will generate a ResvTear.

To see the Tears use
R5> show log rsvp-traceoptions | find ResvTear
R0> show log rsvp-traceoptions | find PathTear

The Juniper book has this upside down.
I guess no one bothers to correct them once they pass the exam.

R1> show log rsvp-traceoptions | find "rsvp send"
will show you if a reservation was created.


ERO Explicit Route Object
When you want to traffic engineer,
the ingress can add an ERO saying I want the path to go through R3.
An ERO hop with the L bit at 0 means strict, ie it must use it.
An ERO hop with the L bit set means L like loose, footloose.

RRO Record Route Object
Keeps track of all the routers in the LSP;
this is like the tracert of MPLS.

>show log rsvp-traceoptions | find "recv Resv"
This will list the Resv messages received.

set protocols rsvp traceoptions flag all detail
can help you troubleshoot.

MTU discovery on the RSVP.
R0>show rsvp session detail
will have  Adspec sent MTU 4400
Path MTU received 1500

This means that I need to fragment to 1500, because one of the devices along the path has a lower MTU.

You can add MD5 authentication:
R1#set protocols rsvp interface ge-0/0/0.0 authentication-key jennie
You can see it under
>show protocols rsvp interface ge-0/0/0.0 detail

Graceful restart in RSVP
will signal to the other guys, who will send a helping label.
set routing-options graceful-restart
>show rsvp version
Thanks. Not the correct place under the rest of the code, Juniper; can we fire that engineer?

Point-to-Multipoint
Like multicast.
Supports GRES.
This way the LSRs do not need to support multicast (expensive license).
R0#set protocols mpls label-switched-path multicastR2 to 192.168.5.2
R0#set protocols mpls label-switched-path multicastR2 p2mp IPTV-LSP

R0#set protocols mpls label-switched-path multicastR3 to 192.168.6.2
R0#set protocols mpls label-switched-path multicastR3 p2mp IPTV-LSP

R0#set routing-options static route 224.7.7.7/32 p2mp-lsp-next-hop IPTV-LSP
R0#set routing-options multicast interface ge-1/1/1.0

This forwards multicast to 2 destinations.


OK, the dumb cousin:
LDP
This is supposed to be an easy version that simply chooses the destination by hops.
Label Distribution Protocol.
Highest IP is in charge of the session.
Hello every 5 seconds.
Hold is 3*5 = 15 seconds.
LDP version 1.

LDP tunneling - you can apparently run LDP over RSVP.
label-switched-path lsp_name ldp-tunneling

MD5
set protocols ldp session 192.168.1.2 authentication-key jennie

It's not my fault the explanations are terrible.
Let's just say for the exam. LDP is simple, next hop
RSVP is for traffic engineering and extras.

CSPF
If you want to police the amount of traffic coming back with a traffic reservation:
set protocols mpls auto-policing class all drop

set protocols mpls label-switched-path R1-to-R2 bandwidth 35m

>show rsvp interface
will show you the policing or bandwidth you can reserve.
You can use a percentage or a value:
subscription percentage
bandwidth value

CSPF is a modified SPF.
You can use it to exclude or include links in the path when doing selection.

LSP
retry timers
retry limit
revert-timer

You can set up a primary path
and a secondary path so it will switch to it quicker on failure.
set protocols mpls label-switched-path green path one xxxx strict
set protocols mpls label-switched-path green path two zzzz strict

Then
set protocols mpls label-switched-path green primary one
set protocols mpls label-switched-path green secondary two

MPLS will then switch on failure to the other strict router.
Using our example,
path one will have R2 strict,
path two will have R3 strict.

You can give LSPs priority: 0 is the strongest, 7 is the weakest.
You can load balance.

Bypass LSP
On R1 you can configure a bypass LSP.
This will rely on a failed hello from R2;
then it will quickly bypass it.
set protocols rsvp interface ge-0/0/1.0 link-protection

R0#set protocols mpls label-switched-path lsp_name optimize-timer seconds
This will try every so many seconds to look up and see if there is a better path.
By default this is zero, so unless someone dies you won't be getting his job.

You can add prefixes to inet.3 so BGP can look them up.
set protocols mpls label-switched-path lsp_1 install 10.0.0.2/32

LDP and RSVP routes are in inet.3.

If you add the word active to a prefix you install on inet.3
it will miraculously appear in inet.0:
set protocols mpls label-switched-path lsp_1 install 10.0.0.2/32 active

The output will say this is an RSVP route, preference 7.

Alright, let's say you want to offer the inet.3 routes to OSPF.
set protocols mpls traffic-engineering bgp-igp

set protocols mpls traffic-engineering bgp   #is the default

set protocols mpls traffic-engineering bgp-igp-both-ribs   resolves hidden routes
set protocols mpls traffic-engineering no-forwarding

no-decrement-ttl
will mean that when the LSR is sending MPLS labels it won't change the TTL.

ping mpls ldp 192.168.1.1  will ping over the LDP LSP as if it was one hop.


MPLS and VPNs
Let's say your client wants a Layer 2 connection from LA to NY so all devices think
they are on the same L2. You can do this with
PPTP or L2TP,
or
IPSEC if he wants it secure.
Both of the above are at the CPE, the customer. He will configure them.
You just provide the MPLS.

Alright,
now the ISP can also provide you with VPNs over the MPLS.
The VPNs will have a VRF, so if such and such IP comes in then use this VPN.
This is called PP-VPN.
These will be virtual circuits which the ISP can bill the client for.

VPLS
This is layer 2. So the provider equipment uses layer 2 MACs in order to forward.
It will need to have a MAC table with the next-hop being the LSP.
This VPN can carry any protocol over the MPLS,
as long as the other device extracts the VLAN and delivers the layer 2 frame to the destination.
So on the VPLS the CPE does the tunneling of layer 2 into the MPLS.

CE customer equipment
PE provider edge
P provider

The PE needs a VRF for the customers so it can know which one to put on which LSP circuit.

If both clients have the same IP subnet, use the route-distinguisher.

Since the explanation were lame and there was no actual config work the VRF and VPLS
should not be in the exam
(crossing fingers)


VPNs Review.
OK
the Model when I started IT was.

A company would have two lines.
One would be internal connecting to their "datacenter" or other HQ along with the branches.
The second one would be to the internet.
I think we had, for example, a client, Volvo, with 40 frame relay branches that were slow.

Eventually the world moved along and in came VPN. The Volvo branches were told to drop the frame
relay and just use VPN to get to their data.
This is great. However when you VPN
your sites using the firewalls, it is great you have a VPN.
However you have no control over the INTERNET.
In the example above, you can see that the house has a nice connection to HQ.
The house on the right has a terrible one.
The datacenter and HQ can barely talk.
So now your network is suffering.
---
Usually at this stage the amateur will call his ISP and yell at them.
They will simply ping test from their router to your router and say the network is fine;
the congestion is in the INTERNET.
At this point you are screwed and losing money if you are an HFT or any big business.

So VPNs using firewalls or tunnels are great up to a point.
So normally here the client would pay to get back to Frame Relay (more consistent)
or ATM  (much better)
or even for their own Fiber  (expensive)

At this point service providers came in and said: well look, you connect to our MPLS
and we will give you Internet and a traffic engineered VPN to your other sites.
The VPN can be Layer 2 or Layer 3.
Now who wouldn't take it.........

The provider can also layer the VPNs.
So you can have a VPN for voice  (fast)  ($$$$)
a VPN for data  slow ($$)
Then they engineer their MPLS to match your requirements.


Layer 3 PP-VPN
OK.

In this option
the ISP will offer to join your routing protocols.
So CE and PE will become neighbors.
They will exchange routing.
The only difference is that in the routing table of PE,
when you want to reach the datacenter, PE will run an LSP to the datacenter PE.
This way you can reach the datacenter.

For each VPN, the PE maintains a VRF  virtual routing and forwarding table.

A bit cluttered, I apologize.
So with the diagram it should be easier.
My ISP turns on routing on my interface. I route to him, he to me.
Next hops sit in the VRF (double check).
PE1 and PE2 will update each other with the routing data that each has by using
MP-BGP. The reason for MP-BGP is that MPLS allows
for overlapping IP data / private IPs etc, because MPLS uses labels and not IP.

So the person in charge of the VPNs is the provider. I do nothing but very minimal routing.


Now in order to connect PE1 to PE2, the provider needs to set up the LSP like the previous chapters
detailed. The LSP will be the path.
To reserve the path we need a labeling solution. You can choose
RSVP or LDP.
A PE-PE LSP is what we call the LSP.
MP-BGP is used.
The provider ISP will segment the other networks from you by filtering out the advertisements.
So in reality only PE, PE1 and PE2 will be able to get them. This is like a VLAN: only so and so get
the broadcast packet.

Virtual Router.
In the above scenario you can also make PE1 and PE2 virtual routers.
Those virtual routers create a sham link, so CE-HQ can run OSPF to CE-Datacenter.
The virtual routers simply transfer the OSPF LSA messages.

The advantage is the customer does not need to maintain the links.
The disadvantage is that the routing is no longer controlled by the customer.
If a customer wants to fully control the routing then he will need an L2 PP-VPN.


L2 PP-VPN
Layer 2 point to point VPN.
OK, so the Layer 2 CCC, circuit cross connect, is a layer 2 service at the ISP.
By that I mean that it uses an LSP for each site-to-site circuit.

Ok in this scenario.
The client's device CE  has this routing table.






The PE1 has this






So as you can see, the DLCI maps to the LSP.
For each DLCI you need an LSP.
This is somewhat similar to Frame Relay.
For the customer it is identical, so same configuration. It is only the Frame Relay cloud that has been
replaced by the MPLS cloud.


BGP L2 PP VPN
In this technique you use two levels of labels.
One for the map, similar to the CCC.
The second is done by the ISP for his routing.
Routing is CE to CE, so the client keeps control of the routing protocol and his

LDP L2 PP VPN
This is similar too, except in this case you use the VRF to map them to LSPs.
This is a bit less flexible as LDP requires more manual configuration.

VPLS Virtual Private LAN Service.
In this case the PE simply learns MAC addresses instead of DLCIs.
The MAC table will say:
00-22-00-22-00-ff   to LSP 1
If a MAC is unknown it will be broadcast to all of the LSPs.
The advantage is you can use any protocol as it simply relies on L2 MACs and not IP.


At each site the circuit must be the same, ie ATM/Frame etc.
You can also translate by using the TCC.



Deeper dive.
Layer 3 VPNs
Provider Edge (PE) - maintains the VPN route and forwarding table (VRF) for each VPN.
P routers (provider) do nothing but switch labels.
For each PE the number of VRF tables will be the number of sites.
In our example PE1 will have 3 VRF tables, one for each of the sites.
PE2 will have 1 VRF table.
A lookup that comes from HQ will be in hqvlan.vrf,
a lookup from the garage will be in garage.vrf.
If two sites have the same IP address pool, MP-BGP can use the route distinguisher
to tell them apart. It will use a SAFI, and BGP will export that SAFI as an option
to the other PEs.
The fields in it are:
ASN : number field (the ISP gives this) : IP
10458:23:10.1/16
10458:26:10.1/16

PE2 receives this and can distinguish which 10.1 it came from.

So CE does routing or static to PE.
PE maps the VRF.
VRF publishes the routes using MP-BGP.
Import routes can be set up to filter the data into the tables.

There are two labels: an inner one for the BGP and VRF,
an outer one which is used to traverse the MPLS network.
The penultimate P will POP the outer one.
The PE will pop and use the inner one to select the VPN.
The PE will send IPv4 to the CE.
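Added example (not from the original post): a Python model of how a PE uses the route distinguisher to keep two customers' overlapping 10.1/16 apart in bgp.l3vpn.0, imports each route into a VRF only when the route target matches, keeps a route hidden while its next-hop has no LSP in inet.3, and builds the outer/inner label stack. The RDs 10458:23 and 10458:26, the hq/garage VRF names and the target 65512:101 come from the post; the second target, the VPN labels and the PE loopbacks are constructed for this example.

```python
# Added example (not from the original post): RD + route-target handling on a
# PE as described above. Everything here is a simplified model; the VPN labels
# (300001/300002), target:65512:102 and the PE loopbacks are constructed values.
import ipaddress
from collections import namedtuple

# One MP-BGP VPNv4 route as a PE sends/receives it (constructed shape).
VpnRoute = namedtuple("VpnRoute", "rd prefix next_hop vpn_label targets")


def parse_rd(text):
    """Split 'ASN:nn' (type 0) or 'IP:nn' (type 1) into a comparable tuple."""
    admin, _, assigned = text.rpartition(":")
    try:
        ipaddress.IPv4Address(admin)
        rd_type = 1
    except ipaddress.AddressValueError:
        rd_type = 0
    return (rd_type, admin, int(assigned))


class PE:
    def __init__(self, name, loopback):
        self.name = name
        self.loopback = loopback  # advertised as BGP next-hop (next-hop self)
        self.vrfs = {}            # vrf name -> {"rd", "targets", "inet.0"}
        self.bgp_l3vpn = {}       # bgp.l3vpn.0: (rd, prefix) -> VpnRoute
        self.hidden = set()       # routes whose next-hop has no LSP in inet.3
        self.inet3 = {}           # remote PE loopback -> outer (transport) label

    def add_vrf(self, name, rd, targets):
        self.vrfs[name] = {"rd": parse_rd(rd), "targets": set(targets),
                           "inet.0": {}}

    def export(self, vrf_name, prefix, vpn_label):
        """Advertise a VRF-local prefix as VPNv4: RD prepended, targets attached."""
        vrf = self.vrfs[vrf_name]
        rd = "%s:%d" % (vrf["rd"][1], vrf["rd"][2])
        return VpnRoute(rd, prefix, self.loopback, vpn_label, sorted(vrf["targets"]))

    def learn(self, route):
        """Store in bgp.l3vpn.0, then import into VRFs whose target matches.

        Returns the names of the VRFs that imported the route."""
        key = (parse_rd(route.rd), route.prefix)
        self.bgp_l3vpn[key] = route            # RD keeps the two 10.1/16 apart
        if route.next_hop not in self.inet3:   # no LSP to that PE: hidden
            self.hidden.add(key)
            return []
        imported = []
        for vrf_name, vrf in self.vrfs.items():
            if vrf["targets"] & set(route.targets):
                vrf["inet.0"][route.prefix] = route
                imported.append(vrf_name)
        return imported

    def label_stack(self, vrf_name, dst):
        """Ingress PE: longest match in the VRF, then [outer, inner] labels."""
        table = self.vrfs[vrf_name]["inet.0"]
        addr = ipaddress.ip_address(dst)
        matches = [p for p in table if addr in ipaddress.ip_network(p)]
        if not matches:
            return None
        best = max(matches, key=lambda p: ipaddress.ip_network(p).prefixlen)
        route = table[best]
        return [self.inet3[route.next_hop], route.vpn_label]


def build_pe(name, loopback):
    """A PE with the post's two customer VRFs (targets partly constructed)."""
    pe = PE(name, loopback)
    pe.add_vrf("hq", "10458:23", ["target:65512:101"])
    pe.add_vrf("garage", "10458:26", ["target:65512:102"])
    return pe
```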


Configuration.
You have MPLS already set up.
You have MP-BGP set up.

The PE will have
vpn-name.inet.0  which will have all the IPv4 routes from the directly connected CE;
                 it will also have static routes
bgp.l3vpn.0   will have the IPv4 routes from other PE devices

So when the datacenter sends its prefix,
it will reach the PE and be added to bgp.l3vpn.0.
bgp.l3vpn.0 will evaluate the next hop for the VPN from inet.3;
once it has a next-hop
it adds the route to the vpn-name.inet.0 table.

Enabling bgp.l3vpn.0 is done by
PE# set protocols bgp group gr_002 type internal
PE# set protocols bgp group gr_002 family inet-vpn unicast
This will turn this on for the internal iBGP.

#set routing-instances vpn-a instance-type vrf
#set routing-instances vpn-a route-distinguisher                #this distinguishes the sites
#set routing-instances vpn-a interface                          #this will be the CE to PE interface
#set routing-instances vpn-a vrf-target                         #community

Assign the distinguisher like we said, manually: 192.168.1.1:1
or you can assign it automatically: route-distinguisher-id 192.168.1.1
In this case the target is the community (BGP).
This will separate different BGP traffic.

OSPF sham link. If I want to use the PE as a virtual router in my Area 0,
I create a sham link so my CEs use the PE as a router to send OSPF and get LSAs.
#set protocols ospf sham-link local 192.168.0.1      (lo0)
#set protocols ospf area 0.0.0.0 sham-link-remote 192.168.0.2

#set interfaces lo0 unit 0 family inet address 192.168.0.1/32

The above basically created a sham link, or a tunnel, so LSAs can travel.

In the OSPF neighbor the interface to send the LSAs will be interface shamlink.0.
The last thing to do is export the BGP learned routes into OSPF.
set policy-options policy-statement export-cust-a term term1 from protocol bgp
set policy-options policy-statement export-cust-a term term1 then accept
set protocols ospf export export-cust-a
This will add the BGP routes to OSPF.

In order to add stub networks you need to convert the LSAs you get to LSA type 5.
You add a domain ID to the area on each PE.
If the domain ID matches, then it will be a Type 3.
If there is no domain ID in use they will be type 3 (ie describing the network).
If the domain does not match they will be LSA type 5. So the PE is pretending to be an ABR.

Manually add a router-id to each PE so it won't use its loopback.
You can also tell BGP to export it to others.
set policy-options policy-statement export-vpn-a term term1 from protocol ospf
set policy-options policy-statement export-vpn-a term term1 then community add vpn-a
set policy-options policy-statement export-vpn-a term term1 then community add domain-a

set policy-options community domain-a members domain-id:1.1.1.1
set policy-options community domain-a members target:65512:101

So we added the target before, so BGP can filter your customer.
Now we simply add to that the domain-id, so it will get exported into BGP too.


Scalability.
This is actually something I do.
It says to make the PE forward the BGP part to the P.
That way you are not saddling the PE with the BGP tables.

CE-PE should be simple; use static if you can, as creating an OSPF instance for every VRF can
tax the system.

BGP can leverage route reflection to avoid the costly iBGP mesh links.
BGP route refresh can also be used to avoid dropping sessions when updating VPNs.

Route target filtering is helpful to prevent the broadcast crossing VLANs, I mean customers.

You can set up route reflectors for the VPNs themselves.

You can give people access to the Internet by
1. the PE having internet routes
2. the PE having a VPN to the internet
3. the CE having internet routes

Advanced layer 3.
If you don't want to set up a VPN between two sites you can share the PE VRF tables.
So vpn 1 routes will be placed in vpn 2 routes.

So import a rib group:
set routing-options rib-groups a-to-b import-rib [ vpn-a.inet.0 vpn-b.inet.0 ]
set routing-options rib-groups b-to-a import-rib [ vpn-b.inet.0 vpn-a.inet.0 ]

That way both will have the routes of the other one in their RIB, routing table.

You can also set up an "auto-export".
This will auto-export the routes to anyone else with the same target.

QoS
You can set up different policy and vrf for classes.
In essence create two lanes, the fast lane  and the gridlock lane.
then give priority to some types of traffic.


Next generation Multicast
To be honest, in 18 years of IT I have yet to implement Multicast for anyone.
I think it came 9 years ago but I have never had a client tell me:
Look Saar, I want to multicast.
Anyway it is a subject.

A Multicast software license for a device is expensive.
Every device on the hops must support Multicast.
So MPLS decided to drop that for now
and basically the way they multicast is simply by using GRE tunnels.
The old way was some Rosen guys.
Draft Rosen required the network backbone to use PIM.


This JNCIS-SP is supposed to be an entry level exam into the field of SP routing.
Do they really expect people to memorize this?
I'd skip it.
Your chances of getting a job offer that requires you to know Multicast off the top of
your head are zilch. So skip it.



BGP layer 2 VPNs.

Anyway I have given up at this part of the curriculum.
If the exam has this I will fail; if it does not, then it is not much of an exam.


:)
Saar



3 comments:

  1. Can you explain soft-preemption function

  2. Hello Srdjan Mlenkovic,

    Soft Preemption.
    Look for "MPLS Terminology" in the above blog, then keep that to the side as I will use it as reference.

    Let's say I have a few LSPs running.
    They use LER 2-4-5-6-7-LER
    I want to run Maintenance on Router 7 and have to take it down.

    I have two choices.
    The default one in Juniper is a HARD one you basically tear
    down the LSP first, signal a new path, then re-establish the LSP on the new path. LER-2-4-5-6-8-LER.
    The only problem is that while the new path is being built the traffic will have nowhere to go, so it will get dropped.


    """
    With hard preemption, when a TE LSP is preempted, the preempting node sends an RSVP PathErr message notifying a fatal action as documented
    in [I-D.ietf-mpls-3209-patherr]. Upon receiving the RSVP PathErr message, the head-end LSR sends an RSVP Path Tear message, which would result in an immediate traffic disruption for the preempted TE LSP).



    The second choice is a "soft" preemption.
    Soft Preempt will try to build a new LSP before tearing down the original one.
    This way both run for a while before the original is dropped.
    So when it is dropped there is no packet loss.

    This way I moved the traffic away from the router that will be taken off for maintenance.

    """The preempting node MUST immediately send a PathErr with error code
    "Reroute" and a error value "Reroute request soft preemption" for
    each soft preempted TE LSP. The node MAY use the occurrence of soft
    preemption to trigger an immediate IGP update or influence the
    scheduling of an IGP update.""""


    http://tools.ietf.org/html/draft-ietf-mpls-soft-preemption-18
    http://www.juniper.net/techpubs/en_US/junos11.2/topics/usage-guidelines/mpls-configuring-mpls-soft-preemption.html

    Let me know if that explains the idea.

    Replies
    1. For same purpose we can use fast-reroute option with secondary path on standby?
