Internetwork Expert’s CCIE SP 5-Day Bootcamp Mock Lab 1

CCIE SP Mock Lab Exam 1

Lab Overview:
This lab scenario is a mock lab exam designed to simulate the conditions of
Cisco® Systems’ CCIE™ Service Provider Lab exam. This lab should be
completed within eight and a half hours. The only resource that should be used
while configuring this lab the Cisco® documentation set. This documentation is
available in both CD format, and online at:

[Link]

Lab Instructions:
Prior to starting, ensure that the initial configuration scripts for this lab have been
applied.

Refer to the attached diagrams for interface and protocol assignments. Any
reference to X in an IP address refers to your rack number, while any reference
to Y in an IP address refers to your router number.

Lab Do’s and Don’ts:

 Do not change or add any IP addresses from the initial configuration
unless otherwise specified
 Do not change any interface encapsulations unless otherwise specified
 Do not change the console, AUX or VTY passwords or access methods
unless otherwise specified
 Do not use any static routes, default routes, default networks, or policy
routing unless otherwise specified
 Save your configurations often

Copyright © 2009 Internetwork Expert [Link]

1
Internetwork Expert’s CCIE SP 5-Day Bootcamp Mock Lab 1

Questions:
Feel free to ask the proctor questions during this mock lab exam, and during the
actual CCIE™ lab exam. Keep in mind that the proctor will not give you the
answer to a question in the exam, nor will they confirm whether your solution to a
task is valid. The only type of help that the proctors are allowed to give you is
clarification of the actual exam questions, and any issues relating to hardware
problems. In order to properly simulate the conditions of the CCIE™ Lab exam,
the instructors of this class will only answer clarification questions during the
exam.

Grading:
A score of 80 points is required to pass this mock exam. A section must work
100% with the requirements given in order to be awarded the points for that
section. No partial credit is awarded. If a section has multiple possible solutions,
choose the solution that best meets the requirements.

GOOD LUCK!

Copyright © 2009 Internetwork Expert [Link]

2
Internetwork Expert’s CCIE SP 5-Day Bootcamp Mock Lab 1

1. Layer 2 Technologies
Basic Layer 2 and Layer 3 settings have been preconfigured. Frame-Relay is
used on all serial connections except for the link between R4 and R5, which is
configured to run HDLC.

1.1 Layer 2 Troubleshooting

 There are two issues introduced into the initial configurations that affect
per-link connectivity.
 Isolate and resolve the issues in order to return the Layer 2 configurations
to the baseline and proceed with further tasks.

4 Points

1.2 PPP over Ethernet

 For added security PPPoE will be running on the PE-CE link between R5
and R6.
 Configure R6 to initiate the PPPoE session and for R5 to respond.
 R5 should use the address 192.56.X.5/24.
 R6 should negotiate the address 192.56.X.6/24, but only after
authenticating to R5 with the CHAP username and password of
CISCO/CISCO.

4 Points

Copyright © 2009 Internetwork Expert [Link]

3
Internetwork Expert’s CCIE SP 5-Day Bootcamp Mock Lab 1

2. Interior Gateway Routing

2.1 IGP Troubleshooting
 There are two issues introduced into the initial configurations that affect
connectivity.
 Isolate and resolve the issues in order to proceed with further tasks.
 By the end of this section you should have Intra-AS connectivity within
ASes 19 and 245.

4 Points

2.2 OSPF
 Configure OSPF area 0 on R1 and R9 using process number 19 in order
to provide connectivity between the Loopback0 interfaces of these routers.
 Since the OSPF topology inside AS 19 is stable, configure R1 and R9 to
set the Do Not Age flag on all locally generated LSAs.

4 Points

2.3 IS-IS
 Configure IS-IS on R2, R4, and R5 using process number 245 in order to
provide connectivity between the Loopback0 interfaces of these routers.
 Use IS-IS Areas in the format 49.000Y and System-IDs in the format
[Link].00.
 Do not send hello packets out the Loopback0 interfaces.
 Provide for the fastest possible detection of a lost neighbor in AS 245.

4 Points

Copyright © 2009 Internetwork Expert [Link]

4
Internetwork Expert’s CCIE SP 5-Day Bootcamp Mock Lab 1

3. Exterior Gateway Routing

3.1 BGP Unicast Peering
 BGP will be used to advertise both IPv4 Unicast and MPLS VPN routes
between AS 19 and AS 245.
 Configure iBGP peerings between R1 & R9 in AS 19, and R2 & R4 and
R4 & R5 in AS 245.
 Use the most reliable interface for these iBGP peerings.
 Configure EBGP peerings between R1 & R5 and R2 & R9.
 Advertise the Loopback0 networks of all of these devices into BGP.
 Do not advertise the transit links between AS 19 and 245 into IGP or BGP.

4 Points

3.2 BGP Optimization

 Configure the EBGP sessions between AS 19 and 245 to converge as
quickly as possible in the event of a failure in connectivity between peers.

4 Points

Copyright © 2009 Internetwork Expert [Link]

5
Internetwork Expert’s CCIE SP 5-Day Bootcamp Mock Lab 1

4. MPLS
4.1 Frame Mode MPLS
 Configure MPLS label distribution inside AS 19 and AS 245.
 Configure the Cisco proprietary label distribution mechanism between R1
and R9, while AS 245’s distribution method should support both Cisco IOS
and JunOS based routers.

4 Points

4.2 Label Allocation

 Configure the MPLS enabled devices in AS 245 to use label numbers 500
– 700 for automatic allocation.
 If label distribution adjacency setup fails due to incompatible parameters,
neighbors in AS 245 should initially wait 10 seconds before attempting
setup again, and throttle this delay to no more than 60 seconds.

4 Points

4.3 Inter-AS Label Allocation

 Configure Inter-AS MPLS label exchange between AS 19 and AS 245 per
IETF draft 2547bis option B.

4 Points

Copyright © 2009 Internetwork Expert [Link]

6
Internetwork Expert’s CCIE SP 5-Day Bootcamp Mock Lab 1

5. VPN
AS 19 and 245 offer both L2 VPN and L3 VPN services to their customers at
multiple POPs. VPN_A is used for Customer A’s Intra-AS L3 VPN connectivity
between R8/BB2 and R6/BB1. VPN_B is used for Customer B’s Inter-AS L3
VPN connectivity between R8 and BB3. Inter-AS L2 VPN service will be
provided between R3 and R7.

5.1 VRF-Lite
 R8 has been installed for managed services for Customer A and
Customer B in the same location. Configure R8 for VRF-Lite separation of
the control plane and data plane traffic between these customers as
follows.
o Customer A should be allocated VRF VPN_A with route
distinguisher 100:1.
o Customer B should be allocated VRF VPN_B with route
distinguisher 100:2.
o Customer A’s segments on R8 consist of VLANs 48 and 192.
o Customer B’s segments on R8 consist of VLANs 8 and 84.

4 Points

5.2 PE-CE Routing

 Customer A’s L3 VPN is serviced by PEs R2, R4, and R5.
 Configure OSPF area 51 routing for this VPN on VLANs 48, 56, and 192
using VRF VPN_A and RD 100:1.
 Advertise the Loopback0 network of R6 into the VPN.

4 Points

Copyright © 2009 Internetwork Expert [Link]

7
Internetwork Expert’s CCIE SP 5-Day Bootcamp Mock Lab 1

5.3 VPN Aggregation

 Configure R6 to exchange routing information between R5 and BB1.
 R6 should advertise a single aggregate route to its PE for the prefixes
coming from BB1.

4 Points

5.4 Intra-AS VPN

 Configure AS 245 to support L3 VPN route exchange for the Customer A
sites as follows:
o R2 should advertise routes learned from VLAN 192 into the MPLS
network with a RT value of 245:201.
o R4 should advertise routes learned from VLAN 48 into the MPLS
network with a RT value of 245:401.
o R5 should advertise routes learned from VLAN 56 into the MPLS
network with a RT value of 245:501.
 Once route exchange is complete, R8 should have reachability to all
networks advertised by BB1, and R6 should have reachability to all
networks advertised by BB2.
 If R8’s VLAN 192 interface is down, traffic from R8 to VLAN 192 should be
rerouted over the MPLS network.

4 Points

5.5 PE-CE Routing

 Configure Customer B routing via VRF VPN_B on R4 and R8.
 Use OSPF area 0 for route exchange between these neighbors.
 Advertise VLAN 8 into this VPN.
 Authenticate the adjacency between the PE and CE using the MD5
password CISCO.

4 Points

Copyright © 2009 Internetwork Expert [Link]

8
Internetwork Expert’s CCIE SP 5-Day Bootcamp Mock Lab 1

5.6 PE-CE Routing

 Configure Customer B routing via VRF VPN_B on R1.
 R1 should peer with BB3 via BGP.
 BB3 is in AS 54, and will be expecting R1 to be in AS 100.

4 Points

5.7 Inter-AS VPN

 Configure Inter-AS VPN services for the Customer B sites using route-
target values 19:102 at R1 and 245:402 at R4.
 Once complete R8 should have reachability to all prefixes advertised by
BB3 when sourcing traffic from either VLAN 8 or 84, even if either of the
peering sessions between AS 19 and AS 245 are down.

4 Points

5.8 Inter-AS L2 VPN

 R3 and R7 are preconfigured for direct layer 2 connectivity with each
other, and routing via OSPF.
 Configure R1 and R2 as the PEs to support this Layer 2 VPN connection.
 Do not modify the layer 2 configuration of either R3 or R7 to accomplish
this.
 Once complete R3 and R7 should have connectivity to each others
Loopback0 interfaces.

4 Points

Copyright © 2009 Internetwork Expert [Link]

9
Internetwork Expert’s CCIE SP 5-Day Bootcamp Mock Lab 1

6. IP Multicast
6.1 Intra-AS Multicast
 Configure Multicast inside AS 245 using PIM Sparse Mode.
 R4’s most reliable interface should be used as the RP for this network.
 Do not dynamically advertise RP information to any neighbors.

4 Points

6.2 VPN Multicast

 Configure R4, R5, R6, and R8 for VPN multicast support of Customer A
using PIM Dense Mode.
 Use the address [Link] as the group address for Customer A’s
multicast traffic transiting the MPLS network.
 Once complete, R8 should be able to ping the address [Link]
and have the traffic forwarded out R6’s link connecting to BB1.

4 Points

Copyright © 2009 Internetwork Expert [Link]

10
Internetwork Expert’s CCIE SP 5-Day Bootcamp Mock Lab 1

7. QoS
7.1 PE-CE Policing
 AS 245 has agreed to support up to 5Mbps of transit for the Customer A
VPN links.
 Configure the PEs servicing this VPN to limit the traffic received from any
CE device in Customer A’s VPN to enforce this policy.

4 Points

8. Security
8.1 Control Plane Security
 Configure AS 245 so that all IGP label exchange is authenticated with the
MD5 password CISCO.

4 Points

8.2 DoS Prevention

 Configure R5 to prevent address spoofing attacks on its PE-CE
connection to R6.
 All denied spoofing attempts should be logged.
 Use the minimum amount of configuration necessary to accomplish this.

4 Points

Copyright © 2009 Internetwork Expert [Link]

11
Internetwork Expert’s CCIE SP 5-Day Bootcamp Mock Lab 1

9. System Management
9.1 RMON
 In order to help detect possible DoS attacks, configure R6 to generate a
syslog message whenever the number of unicast packets received from
BB1 exceeds 10000 pps over an average of 60 seconds.
 If the threshold is breached a log should be generated that reads “Above
10000pps average in from BB1”.
 When the value falls back to 5000pps average a log should be generated
that reads “BB1 input pps value returned to nominal”.
 Send these log messages to the syslog server at 192.10.X.100.

4 Points

10. IP Services
10.1 NetFlow
 Configure R5 for NetFlow according to the following requirements:
o IP address and port for the NetFlow collector: 27.X.0.100:11000
o Source NetFlow traffic off of the Loopback0 interface
o Collect input and output packets on the link to R1
o Include the BGP origin AS in the collection
o Only collect NetFlow statistics for the top most MPLS label

4 Points

Copyright © 2009 Internetwork Expert [Link]

12