
Troubleshooting MPLS VPNs

Slide 1

About the Speaker


• Dr. Pete Welcher
– Cisco CCIE #1773, CCSI #94014, CCIP
– Network design & management consulting
  • Stock quotation firm, 3000 routers, TCP/IP
  • Second stock quotation firm, 2000 routers, UDP broadcasts
  • Hotel chain, 1000 routers, SNA
  • Government agency, 1500 routers
– Teach many of the Cisco courses
• Enterprise Networking Magazine articles
– http://www.netcraftsmen.net/welcher/papers

Copyright © 2003, Chesapeake Netcraftsmen Handout Page-1


Objectives
• Upon completion of this lesson, students will be able to:
  • Understand MPLS VPN routing
  • Troubleshoot simple MPLS VPN problems

Slide 3

MPLS VPN Big Picture


[Diagram: CE router, PE router, P router, P router, PE router, CE router, with the PE and P routers inside the SP MPLS network. Labels: SP IGP; BGP IPv4; MBGP VPNv4. On each side: CE-PE protocol (static, RIPv2, OSPF, eBGP); VRF context; redistribution; MBGP address-family ipv4 vrf; automatic redistribution.]

Slide 4



MPLS VPN Big Picture — 2
• Routing for MPLS VPN requires the following major components:
– MBGP between PE routers
– SP Core IGP providing routing between MBGP routers
– CE-PE routing on both sides, in a VRF context
– Static, RIPv2, OSPF require special redistribution to/from BGP

Slide 5

MBGP Components
• MBGP stores routes for 3 address families:
– IPv4
– IPv4 VRF contexts
  • (Routes from eBGP into a VRF context, or redistributed from another protocol in a VRF context)
– VPNv4 “long addresses”
  • RD: IP prefix
• IPv4 and VPNv4 routes advertised to PE peers

Slide 6



CE-PE Routing
[Diagram: same CE / PE / P / P / PE / CE topology across the SP MPLS network. Labels: CE-PE protocol (static, RIPv2, OSPF, eBGP); VRF context; "?".]

• Make sure connected CE routes are visible on PE router
    show ip route vrf vrf-name

Slide 7

VRF to BGP Redistribution


[Diagram: same CE / PE / P / P / PE / CE topology across the SP MPLS network. Labels: VRF context; redistribution; MBGP address-family ipv4 vrf.]

• Do connected CE routes appear in BGP?
    show ip bgp vpnv4 all
    show ip bgp vpnv4 vrf name

Slide 8



IGP Routes, BGP Neighbors

[Diagram: same CE / PE / P / P / PE / CE topology across the SP MPLS network. Labels: SP IGP; BGP IPv4; MBGP VPNv4.]

Slide 9

BGP Neighbors — 2
• PE routers must be BGP neighbors
    show ip bgp vpnv4 all summary
• If not: check route to loopback or neighbor address of MBGP peer
– Note: show ip bgp summary only shows IPv4 peers, not VPNv4 peers

Slide 10



Routes Arrive at Right? BGP, VRF?
[Diagram: same CE / PE / P / P / PE / CE topology across the SP MPLS network. Labels: SP IGP; BGP IPv4; MBGP VPNv4; CE-PE protocol (static, RIPv2, OSPF, eBGP); VRF context; redistribution; MBGP address-family ipv4 vrf (on both PEs); automatic redistribution.]

Slide 11

Routes Arrive at Right? BGP, VRF?


• Verify that routes from CE to left of picture arrive at PE on right via MBGP
    show ip bgp vpnv4 all

Slide 12



Routes at Right CE? Redistribution, PE-CE?

[Diagram: same CE / PE / P / P / PE / CE topology across the SP MPLS network. Labels: SP IGP; BGP IPv4; MBGP VPNv4. On each side: CE-PE protocol (static, RIPv2, OSPF, eBGP); VRF context; redistribution; MBGP address-family ipv4 vrf; automatic redistribution.]

Slide 13

Routes at Right CE? Redistribution, PE-CE?

• Check the redistribution of the left CE routers on the right PE router
    show ip route vrf vrf-name
• Do these routes arrive at the right CE?
    show ip route

Slide 14



Connectivity Problem?
If you see routes from the left CE and site in the right CE, but have connectivity problems:
• Do a trace from the connected PE to PE
– Look for lines missing the MPLS label
• MPLS VPN doesn’t work with “MPLS dropouts”
– Need a complete label path from PE to the loopback or MBGP next-hop address of the other PE

Slide 15
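
As an added example (not part of the original handout), a small Python check for the Slide 15 advice to look for trace lines missing the MPLS label. The sample output is constructed, the function names are hypothetical, and it assumes the last hop is the egress PE, where penultimate hop popping normally leaves no label to display.

```python
import re

# Constructed sample of IOS-style traceroute output (PE to remote PE loopback);
# all addresses and label values are made up for illustration.
SAMPLE_TRACE = """\
Type escape sequence to abort.
Tracing the route to 10.0.0.4

  1 10.1.12.2 [MPLS: Label 17 Exp 0] 4 msec 4 msec 4 msec
  2 10.1.23.3 8 msec 4 msec 4 msec
  3 10.1.34.4 [MPLS: Label 19 Exp 0] 4 msec 4 msec 4 msec
  4  *  *  *
  5 10.1.56.6 4 msec *  4 msec
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)(.*)$")
LABEL_RE = re.compile(r"\[MPLS: Labels? ([\d/]+) Exp \d+\]")

def parse_hops(text):
    """Return one dict per hop line: hop number, address (None on timeout), labels."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # banner, blank line, or continuation line
        label = LABEL_RE.search(m.group(3))
        hops.append({
            "hop": int(m.group(1)),
            "addr": None if m.group(2) == "*" else m.group(2),
            "labels": label.group(1).split("/") if label else [],
        })
    return hops

def find_label_gaps(hops):
    """Return (unlabeled transit hops, hops that timed out).

    Assumption: the last hop is the egress PE and is not flagged, because
    penultimate hop popping removes the label before it. Timed-out hops are
    reported separately since their label state is unknown.
    """
    transit = hops[:-1]
    unlabeled = [(h["hop"], h["addr"]) for h in transit if h["addr"] and not h["labels"]]
    silent = [h["hop"] for h in transit if h["addr"] is None]
    return unlabeled, silent

if __name__ == "__main__":
    unlabeled, silent = find_label_gaps(parse_hops(SAMPLE_TRACE))
    print("transit hops missing a label:", unlabeled)
    print("hops with no reply:", silent)
```

A flagged transit hop is where to check label distribution and the route to the other PE's loopback or MBGP next-hop address.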

Traceroute with MPLS VPN


• If you have a VPN VRF route to the VPN (customer) destination, but trace fails to even show a first hop…
– When TTL reaches zero on a P router, the P router does not know how to route back to the source address, if the trace source is a VPN customer site
– So with all VPN traffic, the ICMP TTL-exceeded is sent onwards using the label that would have been used if the TTL had not reached zero
– Other end of VPN sends the ICMP TTL-exceeded back
• That means you may not get replies unless the destination PE or even CE has a route back
– First thing to do: check other end for route back
– Then trace may start working

Slide 16



Summary

After completing this lesson, you should be able to complete the following tasks:
• Understand MPLS VPN routing
• Troubleshoot simple MPLS VPN problems

Slide 17

A Word About Us …
• We can provide
– Network design review: how to make what you have work better
– Periodic strategic advice: what’s the next step for your network or staff
– Network management tools & procedures advice: what’s right for you
– Implementation guidance (your staff does the details) or full implementation
• We do
– Small- and Large-Scale Routing and Switching (design, health check, etc.)
– IPsec VPN and V3PN (design and implementation)
– QoS (strategy, design and implementation)
– IP Telephony (preparedness survey, design, and implementation)
– Call Manager deployment
– Security
– Network Management (design, installation, tuning, tech transfer, services, etc.)

Slide 18



A Word About Us …

Certified by Cisco in:


• IP Telephony
• Network Management
• Wireless
• Security
• (Routing and Switching)

Slide 19
