High Availability for JNCIS-SP

High Availability

Junos provides a layered HA architecture. Link aggregation handles physical link redundancy. Graceful Restart, GRES, and NSR handle control plane failures at increasing levels of sophistication. BFD accelerates failure detection for all routing protocols. Understanding which technology does what — and what each one requires — is the core exam objective for this topic.

Link Aggregation Groups (LAG / LACP)

LAG bundles multiple physical interfaces into a single logical ae (aggregated Ethernet) interface, providing both redundancy and increased bandwidth. IEEE standard 802.3ad — not to be confused with 802.1ad (Q-in-Q). ...

April 15, 2026

IP Tunnels for JNCIS-SP

IP Tunnels

Tunnels encapsulate one protocol inside another, creating a virtual point-to-point link across a network that wouldn’t otherwise carry that traffic. The encapsulating network is called the underlay; the encapsulated traffic and the logical topology it creates is called the overlay. Both GRE and IP-IP are stateless — they hold no session state and provide no encryption or reliability guarantees.

Common use cases:
- Carry IPv6 traffic across an IPv4-only core (6in4)
- Carry IPv4 traffic across an IPv6-only core (4in6)
- Extend IGP adjacencies across a WAN that doesn’t support multicast
- Tunnel MPLS across a non-MPLS network
- Bridge Layer 2 domains across a routed network

Tunnel Concepts

Underlay vs Overlay: ...

April 15, 2026

IPv6 Concepts for JNCIS-SP

IPv6

IPv6 was designed to solve IPv4 address exhaustion while simplifying the protocol. The header is fixed-length and streamlined, broadcast is eliminated in favor of multicast, and address configuration can be fully automatic. For service providers, the most exam-relevant areas are address types, NDP, autoconfiguration, and how routing protocols (OSPF, IS-IS) extend to support IPv6.

IPv4 vs IPv6 Key Differences

| Feature | IPv4 | IPv6 |
| --- | --- | --- |
| Address size | 32 bits | 128 bits |
| Header size | Variable (20–60 bytes) | Fixed 40 bytes |
| Header checksum | Yes | No (relies on L4) |
| Fragmentation | Routers and source | Source only |
| Broadcast | Yes | No — replaced by multicast |
| Address resolution | ARP | NDP (ICMPv6) |
| Autoconfiguration | DHCP only | SLAAC + DHCPv6 |
| IPsec | Optional | Built into extension header framework |

IPv6 Header

The base IPv6 header is always exactly 40 bytes. It is simpler than IPv4 — no checksum, no options field, and no fragmentation fields (those are handled by extension headers when needed). ...

April 15, 2026

IS-IS Concepts for JNCIS-SP

IS-IS

IS-IS (Intermediate System to Intermediate System) is a link-state routing protocol used primarily in service provider networks. Like OSPF, it uses the Dijkstra SPF algorithm to compute shortest paths, but runs natively over CLNS rather than IP, making it protocol-agnostic and well-suited for multi-protocol environments.

Terms

- ES (End System) - A host that originates and receives packets. ES-to-ES communication is host-to-host.
- IS (Intermediate System) - A router that forwards packets. IS-IS describes routing between intermediate systems.
- CLNS/CLNP - IS-IS runs natively over the Connectionless Network Service (CLNS) using CLNP, not IP. This is a key distinction from OSPF.
- NSAP (Network Service Access Point) - The addressing scheme IS-IS uses instead of IP addresses.
- NET (Network Entity Title) - The IS-IS address configured on a router.
  Format: Area ID . System ID . NSEL
  Example: 49.0001.1921.6800.1001.00
  - 49.0001 — Area ID
  - 1921.6800.1001 — System ID (6 bytes, often derived from an IP like 192.168.1.1)
  - 00 — NSEL (always 00 for a router)
- System ID - 6-byte unique identifier for a router within an area (similar to OSPF Router ID).
- NSEL (N-Selector) - The last byte of a NET, always 00 for routers.
- L1 router - Routes only within its area; sends traffic to unknown destinations toward the nearest L1/L2 router.
- L2 router - Routes between areas and toward other ASes.
- L1/L2 router - Does both; this is the Junos default.

Link-State Database

Runs the Dijkstra SPF algorithm. L1 and L2 maintain separate LSDBs — SPF is run independently for each level. Each router originates its own LSP and floods it throughout its level. LSDB synchronization is handled by CSNPs (full sync) and PSNPs (fill gaps).

IS-IS Protocol Data Units (PDUs)

- IIH (IS-IS Hello) - Used to discover neighbors and maintain adjacencies. Contains the router’s identity, capabilities, and configured area.
  - L1 LAN IIH: Sent by Level 1 routers on multi-access networks (like Ethernet).
  - L2 LAN IIH: Sent by Level 2 routers on multi-access networks.
  - P2P IIH: A single format used for point-to-point links, regardless of level.
- LSP (Link State PDU) - Carries the actual routing information, including connected neighbors, configured prefixes, and metric costs. Each LSP has a sequence number, checksum, and remaining lifetime.
  - L1 LSP: Contains routing information for the local area.
  - L2 LSP: Contains backbone routing information.
- CSNP (Complete Sequence Number PDU) - Contains a complete list of all LSPs in a router’s LSDB. Used to ensure every router in the area has a consistent view of the network.
  - L1 CSNP: Summarizes the Level 1 LSDB.
  - L2 CSNP: Summarizes the Level 2 LSDB.
  - On LAN segments, the DIS sends these periodically. On point-to-point links, they are typically sent only when the link first comes up.
- PSNP (Partial Sequence Number PDU) - Used to request missing LSPs or acknowledge receipt of specific LSPs. Unlike CSNPs, they only reference a subset of LSPs.
  - L1 PSNP / L2 PSNP: Used to fill gaps after a CSNP reveals a missing LSP, or as an explicit ACK on point-to-point links.

Type, Length, Value (TLVs)

TLVs are the data structures embedded inside LSPs that carry routing information. Key TLVs to know for JNCIS-SP: ...

April 15, 2026

Layer 2 Bridging, VLANs, and STP for JNCIS-SP

Layer 2 Bridging and VLANs

Service provider networks often need to deliver Layer 2 connectivity between geographically separated customer sites. Junos implements this using bridge domains, which define the L2 forwarding boundaries, and 802.1ad (Q-in-Q) to tunnel customer VLAN spaces across the provider network without overlap.

Terms

- Bridge Domain — a Layer 2 forwarding domain. Analogous to a VLAN. Defines which interfaces share the same broadcast domain and MAC table.
- EVC (Ethernet Virtual Connection) — the L2 service sold by the SP to the customer. Defines the endpoints of a Layer 2 circuit.
- C-Tag (Customer Tag) — the inner 802.1q tag. Any VLAN 1–4094 from the customer’s space.
- S-Tag (Service Tag) — the outer 802.1ad tag. Assigned by the SP to identify the customer. Encapsulates all of that customer’s C-Tags.
- PBN (Provider Bridge Network) — the entire SP Layer 2 fabric.
- PEB (Provider Edge Bridge) — the SP edge device. Pushes/pops S-Tags on customer-facing ports.
- S-VLAN Bridge — an interior SP device that only examines and switches based on the S-Tag.
- Customer ports — PEB ports facing the customer. S-Tags are applied or removed here.
- Network ports — interior SP ports that carry double-tagged frames without modification.
- IRB (Integrated Routing and Bridging) — a logical interface that gives a bridge domain an IP address, enabling the router to act as the default gateway for hosts in that domain.

802.1q

The standard VLAN tagging protocol. Inserts a 4-byte tag into the Ethernet frame. ...

April 15, 2026

MPLS Concepts for JNCIS-SP

MPLS (Multiprotocol Label Switching)

MPLS is a forwarding mechanism that uses short, fixed-length labels to make packet-forwarding decisions instead of performing a full IP lookup at every hop. Labels are applied at the ingress of an MPLS domain and stripped at the egress, with each transit router performing only a label swap — making forwarding fast and enabling traffic engineering, VPNs, and QoS capabilities.

Terms

- LSR (Label Switching Router) - Any router participating in MPLS forwarding. Performs label push, swap, or pop.
- LSP (Label Switched Path) - The unidirectional path a labeled packet takes from ingress to egress LSR.
- FEC (Forwarding Equivalence Class) - A group of packets that receive identical forwarding treatment and are assigned the same label at ingress. The ingress router decides the FEC assignment; downstream routers just label-switch.
- Ingress LSR - The first router in an LSP. Classifies traffic into FECs and pushes labels.
- Egress LSR - The last router in an LSP. Removes the label and forwards the original packet.
- Transit LSR (P router) - An interior provider router. Swaps labels and forwards without examining the inner IP header.
- PE (Provider Edge) - ISP router at the edge of the MPLS domain that interfaces with customer equipment. Performs label push/pop for customer traffic.
- CE (Customer Edge) - Customer device that connects to the PE. Not aware of MPLS.
- LIB (Label Information Base) - The full table of all label bindings a router has received. Not all entries are actively used for forwarding.
- LFIB (Label Forwarding Information Base) - The active subset of the LIB used for actual forwarding decisions. This is what the data plane uses.
- TED (Traffic Engineering Database) - Populated by IGP TE extensions; stores link-state info (bandwidth, admin groups) used by CSPF to calculate constrained paths.

Label Operations

| Operation | Description |
| --- | --- |
| Push | Add a new label to the top of the label stack. Done by the ingress LSR. |
| Swap | Replace the top label with a new one. Done by transit LSRs. |
| Pop | Remove the top label from the stack. Done by the egress LSR or the penultimate hop. |

MPLS Label Structure

Each MPLS label is a 32-bit field inserted between the Layer 2 and Layer 3 headers (sometimes called a “shim header”). Multiple labels can be stacked. ...

April 15, 2026

OSPF Concepts for JNCIS-SP

OSPF (Open Shortest Path First)

OSPF is a link-state interior gateway protocol (IGP). Each router floods Link-State Advertisements (LSAs) describing its interfaces and neighbors. Every router builds an identical Link-State Database (LSDB) and runs the Dijkstra SPF algorithm to compute the shortest path tree. OSPF runs directly over IP (protocol 89) and uses multicast for efficiency.

Default route preferences in Junos:
- OSPF Internal routes: 10
- OSPF AS External routes: 150

Terms

- LSDB (Link-State Database) - The topological database. Within a single area, all routers must have an identical LSDB.
- SPF (Shortest Path First) - The Dijkstra algorithm each router runs against the LSDB to compute best paths.
- Router ID (RID) - A 32-bit identifier unique to each OSPF router. Junos selects the RID in this order: explicitly configured → highest active loopback IP → highest physical interface IP. Best practice is to configure it explicitly.
- ABR (Area Border Router) - A router with interfaces in multiple OSPF areas. Generates Type 3 (Summary) LSAs between areas.
- ASBR (AS Boundary Router) - A router that redistributes routes from outside OSPF into the OSPF domain. Generates Type 5 LSAs.
- Backbone Router - Any router with at least one interface in Area 0.
- Internal Router - All interfaces are in the same single area.

    set routing-options router-id 4.4.4.4

OSPF Packet Types

OSPF has five packet types. All run directly over IP (protocol 89) — no TCP/UDP — so reliability is handled by LSAcks. ...

April 15, 2026

Protocol-Independent Routing for JNCIS-SP

Protocol-Independent Routing

Protocol-independent routing features work regardless of which dynamic routing protocol is running. This covers how Junos selects routes when multiple sources compete, how to define static and summary routes, how to filter unwanted prefixes, and how to carve the routing table into separate instances for policy-based forwarding and VPNs.

Route Preferences

When multiple protocols learn a route to the same destination, Junos uses preference (administrative distance) to pick the winner. Lower value wins. ...

April 15, 2026