[j-nsp] JNCIP question: eBGP policy

Chris Grundemann cgrundemann at gmail.com
Tue Sep 1 18:58:01 EDT 2009

On Tue, Sep 1, 2009 at 16:48, Yue Min<smartsuites at gmail.com> wrote:
> Chris,
> thanks for your thought. Actually, I'm not guessing what they will
> test. I'm asking these just because the Juniper lab is much closer to the
> real world, not like the Cisco lab in which most stuff you won't use in the
> real world. So every time I see something different from the real
> world, I just want to correct it. :) Got to remind myself not to do this
> in the lab.

Very true - the one disadvantage to having good real-world experience I guess.

> The policy chain question came from the problem I feel about the lab,
> in which we don't have much time to redo something, so I want to find out a
> systematic way to cover all possible policy requirements. Actually, like
> I said, that's the way we're using in the real world: define some common
> policies shared by all peers or some of the peers (like cust, peers),
> and then if there's a special traffic engineering requirement for
> specific peers, define a peer-specific policy to solve it. We've been
> using this way for a long time and I feel that's where Junos gets its power.
> So I just want to replicate the same systematic way in the lab. I feel the most
> difficult thing in the JNCIP policy part is not how to configure a
> specific feature or fix a specific requirement; for me the challenge
> is to write a good set of policies in limited time.

I understand your question better now and you are exactly correct.
The best thing you can do to pass this exam is recognize what
configuration (policy and otherwise) can be the same on every router -
or similar, with minor changes.

When I took the lab, I was able to create a couple of generic policies
to apply to all peer routers or all PE routers, etc. and then added
more specific policies (or terms) only on the routers needed.

Knowing how to copy a piece of config, edit things like interfaces or
IPs, and paste it into another router is key to finishing on time.  If
you can do that, time is not an issue imho, but if you have to type
the whole config of every router out by hand - there will not be
enough time.


> Min
> On Tue, Sep 1, 2009 at 3:28 PM, Chris Grundemann<cgrundemann at gmail.com> wrote:
>> Hi Min,
>> For the test, I would recommend that you do not assume anything
>> specific ahead of time.  As you stated in your first question, "even
>> if it's real world, [you] have to follow what's required."
>> The requirements given on the test will be similar to those given in
>> the case studies and in some cases may be the same but there is no
>> point to memorizing the specific policy chains nor individual policies
>> since you don't know what the specific combination of requirements
>> will be on the exam.
>> My best advice is to make sure that you understand how to meet the
>> various requirements with policy so that you are prepared for anything,
>> rather than trying to anticipate the requirements.  More specific
>> advice below:
>> On Tue, Sep 1, 2009 at 16:03, Min<smartsuites at gmail.com> wrote:
>>> Hey guys, I have a few questions from studying the JNCIP book. Hopefully
>>> someone can help here.
>>> 1. Can I safely assume and configure the following announcing policy, since
>>> it's the way in the real world:
>>>    "send cust routes to transit and peer, send peer routes to cust,
>>> send transit routes to cust."
>>> I noticed sometimes the JNCIP question doesn't require one or some of
>>> them; is it OK for me to implement all? Sometimes it's required to
>>> "send peer routes to transit"; I know even if it's not real world, I
>>> have to follow what's required.
>> The most important thing is to make sure that you read and understand
>> the provided requirements and restrictions regarding what routes to
>> announce to whom.  In order to fully test your knowledge, the test's
>> requirements (in my experience) often did not follow a real-world
>> scenario.  Typically, anything that is not specifically forbidden is
>> allowed but you have to take into consideration all of the effects if
>> you are going to do something not specifically required as it may
>> impact routing in a way that interferes with a separate requirement or
>> restriction.
>>> 2. In practice, we normally define eBGP import policy like this:
>>> [ generic-filter-in generic-community-setup community-setup-as65050
>>> prefer-peer ]
>>> generic-filter-in and generic-community are shared by all eBGP import
>>> policies on this router; prefer-peer is shared by all peer eBGP import
>>> policies; community-setup-as65050 tags the peer-specific community.
>>> With extra requirements for some peers, one or some of these policies [
>>> as65050-filter-in no-comms damping prepend-twice ] will be added to the
>>> policy chain.
>>> I'm wondering if this is a good policy formation for the JNCIP test?
>> Again, it is going to depend on the specific requirements and
>> restrictions provided on the day of your exam -- focus on
>> understanding how to implement various requirements with policy,
>> rather than what the requirements should be.
>>> Min
>> Hope that is helpful even if it is not exactly the answer you were
>> looking for.  For a bit more information on the IP exam in general,
>> you may want to look over my recent post: JNCIP-M Lab Exam Q&A
>> (http://weblog.chrisgrundemann.com/index.php/2009/jncip-lab-exam-faq/).
>> ~Chris

Chris Grundemann
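
The import chain from Min's second question, written out as an added example that is not from the thread or from either poster's routers. Only the four policy names and AS 65050 come from the messages; the policy bodies, local AS 65000, community values and neighbor address are assumptions chosen to show how the chain is evaluated.

```junos
/* Added illustration; policy bodies, local AS 65000, community values and
   the neighbor address are constructed, not taken from the thread. */
policy-options {
    /* Shared by all eBGP imports: reject only, never accept. */
    policy-statement generic-filter-in {
        term reject-bogons {
            from {
                route-filter 0.0.0.0/0 exact;
                route-filter 10.0.0.0/8 orlonger;
                route-filter 172.16.0.0/12 orlonger;
                route-filter 192.168.0.0/16 orlonger;
            }
            then reject;
        }
    }
    /* Shared: strip communities the neighbor sent, then continue. */
    policy-statement generic-community-setup {
        then {
            community delete all-comms;
            next policy;
        }
    }
    /* Peer-specific: tag the source AS, then continue. */
    policy-statement community-setup-as65050 {
        then {
            community add from-as65050;
            next policy;
        }
    }
    /* Shared by all peers, last in the chain: the only terminating accept. */
    policy-statement prefer-peer {
        then {
            local-preference 200;
            accept;
        }
    }
    community all-comms members *:*;
    community from-as65050 members 65000:65050;
}
protocols {
    bgp {
        group peer-as65050 {
            type external;
            peer-as 65050;
            import [ generic-filter-in generic-community-setup community-setup-as65050 prefer-peer ];
            neighbor 192.0.2.1;
        }
    }
}
```

Because `accept` and `reject` end evaluation of the whole chain, the shared policies at the front only reject or modify and fall through; a terminating `accept` placed in an earlier policy would bypass every policy after it.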
