troubleshooting MPLS VPN...my own methodology from Abdullah Al-Malki on 2011-05-31 (Ccielab archives 05/2011)

From: Abdullah Al-Malki <a.almalki1402_at_gmail.com>
Date: Tue, 31 May 2011 13:20:54 +0300

Hello Experts,

I was trying to write a simple process to troubleshoot MPLS VPNs that can
help in minimizing the time taken to solve such problems.

Please feel free to add to it and correct me if I am wrong

Here I am assuming one VRF and two PEs that have iBGP session established
between them

................

How to troubleshoot MPLS VPN???

First,troubleshoot the MPLS infrastructure

1-go to PE 1 and find out what are its vpnv4 peers and what is its update
source is and what is the IP of the peer (the other PE in this case).
2-trace the second PE loopback and make sure you traverse each hop in the
core swapping a label except the
last one.

R4#*traceroute 1.1.1.1*

Type escape sequence to abort.
Tracing the route to 1.1.1.1

  1 34.34.34.3 [MPLS: Label 16 Exp 0] 128 msec 20 msec 52 msec
  2 33.33.33.2 [MPLS: Label 16 Exp 0] 140 msec 76 msec 84 msec
  3 12.12.12.1 64 msec * 116 msec
R4#

(make sure PEs have IP and MPLS connectivity)
3-If there is a break in the MPLS labels swapping shown by trace, find the
node that didnt look
that address in its mpls forwarding table

Possible reasons:
No LDP adjancy because of
LDP/TDP protocol mismatch.....
authentication
CEF disabled
the LDP interface is not the best way to reach the other neighbor LDP router
id(use mpls ldp discovery transport interface)

check if a router in the middle has an access list that advertise labels
only for specific IPs
*mpls ldp advertise for acl*
*
*
access list blocking TCP port 646

Next, Troubleshoot MP-BGP
1-Check if you have a valid MP-BGP peering between the PEs
*show ip bgp vpn4 all summary*

2-make sure you PEs are exchanging routes
again show ip bgp vpn4 all summary

*show ip bgp neighbors 1.1.1.1 | i Address*
* Address family IPv4 Unicast: advertised and received*
* Address family VPNv4 Unicast: advertised and received*
*
*
*show ip bgp neigh x.x.x.x advertised*
If not, check if you are not activating that neighbor into VPN4 address
family or not
and of course exchanging extended community

Make sure PEs update source IPs are /32

check if BGP is redistributing the VRF routing process and vice versa

Third,
make sure VRF configuration matches the otherside in terms of RDs and
import/export route targets.

Finally
last thing make sure PE-CE routing is working and you can exchange customer
routing

Regards,
Abdullah

Blogs and organic groups at http://www.ccie.net
Received on Tue May 31 2011 - 13:20:54 ART

This archive was generated by hypermail 2.2.0 : Wed Jun 01 2011 - 09:01:12 ART