[j-nsp] L2VPN debugging...
Dermot Williams
Dermot.Williams at imaginegroup.ie
Mon Feb 15 03:36:02 EST 2010
Hi,
Have you tried adding the appropriate remote site id to each of your
routing-instances?
vpnc-1 {
instance-type l2vpn;
interface ge-0/0/2.600;
route-distinguisher 10.0.3.4:1;
vrf-import c1-import;
vrf-export c1-export;
protocols {
l2vpn {
encapsulation-type ethernet-vlan;
site c1 {
site-identifier 1;
interface ge-0/0/2.600 {
remote-site-id 2;
}
}
}
}
}
Dermot
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-
> bounces at puck.nether.net] On Behalf Of Hoogen
> Sent: 15 February 2010 07:11
> To: Sean Clarke; mtinka at globaltransit.net
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] L2VPN debugging...
>
> Connection is as follows
>
> C1--R4--R5--R6--C2... R4-R5 are cbgp connections.. R5-R6 is a ibgp
> connections. R5 is a route reflector. R4 and R6 are PE's C1 and C2 are
> CE's
>
> The topology is similar to the JNCIE book by Harry Reynolds..
>
> R4 Configuration
>
> lab at r4# show interfaces ge-0/0/2
> vlan-tagging;
> encapsulation vlan-ccc;
> unit 0 {
> bandwidth 100m;
> vlan-id 1;
> family inet {
> address 172.16.0.5/30;
> }
> }
> unit 600 {
> encapsulation vlan-ccc;
> bandwidth 100m;
> vlan-id 600;
> }
>
> [edit]
> lab at r4#
>
> lab at r4# show protocols bgp
> group cbgp {
> type external;
> export ibgp;
> peer-as 65001;
> neighbor 10.0.2.9 {
> family inet {
> unicast;
> }
> family inet-vpn {
> unicast;
> }
> family l2vpn {
> signaling;
> }
> }
> }
>
> lab at r4# show routing-instances
> vpnc-1 {
> instance-type l2vpn;
> interface ge-0/0/2.600;
> route-distinguisher 10.0.3.4:1;
> vrf-import c1-import;
> vrf-export c1-export;
> protocols {
> l2vpn {
> encapsulation-type ethernet-vlan;
> site c1 {
> site-identifier 1;
> interface ge-0/0/2.600;
> }
> }
> }
> }
>
> lab at r4# run show interfaces terse ge-0/0/2
> Interface Admin Link Proto Local
> Remote
> ge-0/0/2 up up
> ge-0/0/2.0 up up inet 172.16.0.5/30
> ge-0/0/2.600 up up ccc
> ge-0/0/2.32767 up up
>
> [edit]
> lab at r4#
>
> lab at r4# run show mpls lsp ingress
> Ingress LSP: 2 sessions
> To From State Rt ActivePath P
LSPname
> *10.0.9.6 10.0.3.4 Up 0 *
r4-r6*
> 10.0.9.7 10.0.3.4 Up 0 * r4-r7
> Total 2 displayed, Up 2, Down 0
>
> [edit]
> lab at r4#
>
> lab at r4# show policy-options
> policy-statement c1-export {
> term 1 {
> then {
> community add c1-c2-rt;
> accept;
> }
> }
> }
> policy-statement c1-import {
> term 1 {
> from {
> protocol bgp;
> community c1-c2-rt;
> }
> then accept;
> }
> }
> community c1-c2-rt members target:65412:300;
>
> [edit]
> lab at r4#
>
>
> lab at r5# show routing-options
> rib inet.3 {
> static {
> route 0.0.0.0/0 discard;
> }
> }
> autonomous-system 65001;
> confederation 65412 members [ 65000 65001 ];
>
> [edit]
> lab at r5#
>
> lab at r5# show protocols bgp
> group cbgp {
> type external;
> peer-as 65000;
> neighbor 10.0.2.2;
> neighbor 10.0.2.10 {
> family inet {
> unicast;
> }
> family inet-vpn {
> unicast;
> }
> family l2vpn {
> signaling;
> }
> }
> }
> group cluster-2 {
> type internal;
> local-address 10.0.3.5;
> cluster 2.2.2.2;
> neighbor 10.0.9.6 {
> family inet {
> unicast;
> }
> family inet-vpn {
> unicast;
> }
> family l2vpn {
> signaling;
> }
> }
> }
>
> [edit]
> lab at r5#
>
> lab at r6# show protocols bgp
> group cluster-2 {
> type internal;
> local-address 10.0.9.6;
> export ibgp;
> neighbor 10.0.3.5 {
> family inet {
> unicast;
> }
> family inet-vpn {
> unicast;
> }
> family l2vpn {
> signaling;
> }
> }
> }
>
> [edit]
> lab at r6#
>
> lab at r6# run show interfaces terse ge-0/0/1
> Interface Admin Link Proto Local
> Remote
> ge-0/0/1 up up
> ge-0/0/1.0 up up inet 172.16.0.9/30
> ge-0/0/1.600 up up ccc
> ge-0/0/1.32767 up up
>
> [edit]
> lab at r6#
>
> lab at r6# show routing-instances
> vpna-2 {
> instance-type vrf;
> interface ge-0/0/1.0;
> route-distinguisher 65412:302;
> vrf-target {
> import target:65412:301;
> export target:65412:302;
> }
> protocols {
> bgp {
> group c2 {
> type external;
> peer-as 65020;
> neighbor 172.16.0.10;
> }
> }
> }
> }
> vpnc-1 {
> instance-type l2vpn;
> interface ge-0/0/1.600;
> route-distinguisher 10.0.9.6:2;
> vrf-import c2-import;
> vrf-export c2-export;
> protocols {
> l2vpn {
> encapsulation-type ethernet-vlan;
> site c2 {
> site-identifier 2;
> interface ge-0/0/1.600;
> }
> }
> }
> }
>
> [edit]
> lab at r6#
>
>
> lab at r6# run show mpls lsp ingress
> Ingress LSP: 3 sessions
> To From State Rt ActivePath P
LSPname
> *10.0.3.4 10.0.9.6 Up 0 *
r6-r4*
> 10.0.6.2 10.0.9.6 Up 1 use-r1 * lsp-c
> 10.0.9.7 10.0.9.6 Up 0 * r6-r7
> Total 3 displayed, Up 3, Down 0
>
> [edit]
> lab at r6#
>
> lab at r4# show policy-options
> policy-statement c2-export {
> term 1 {
> then {
> community add c1-c2-rt;
> accept;
> }
> }
> }
> policy-statement c2-import {
> term 1 {
> from {
> protocol bgp;
> community c1-c2-rt;
> }
> then accept;
> }
> }
> community c1-c2-rt members target:65412:300;
>
> [edit]
> lab at r6#
>
> Hopefully I have covered all the configurations here... It is a
Juniper
> to
> Juniper scenario.. I am using J-Series with code 8.3R4.3 . Do let me
> know if
> you do need more information... VC-Dn status usually would mean lsp to
> neighbor not present.. But that's not the case in my scenario... Any
> input
> is highly appreciated...
> lab at r4# run show l2vpn connections
> Layer-2 VPN connections:
>
> Legend for connection status (St)
> EI -- encapsulation invalid NC -- interface encapsulation not
> CCC/TCC/VPLS
> EM -- encapsulation mismatch WE -- interface and instance encaps
> not
> same
> VC-Dn -- Virtual circuit down NP -- interface hardware not present
> CM -- control-word mismatch -> -- only outbound connection is up
> CN -- circuit not provisioned <- -- only inbound connection is up
> OR -- out of range Up -- operational
> OL -- no outgoing label Dn -- down
> LD -- local site signaled down CF -- call admission control failure
> RD -- remote site signaled down SC -- local and remote site ID
> collision
> LN -- local site not designated LM -- local site ID not minimum
> designated
> RN -- remote site not designated RM -- remote site ID not minimum
> designated
> XX -- unknown connection status IL -- no incoming label
>
> Legend for interface status
> Up -- operational
> Dn -- down
>
> Instance: vpnc-1
> Local site: c1 (1)
> connection-site Type St Time last up # Up
> trans
> 2 rmt VC-Dn -----
> 0
> Local interface: ge-0/0/2.600, Status: Up, Encapsulation: VLAN
> Remote PE: 10.0.9.6, Negotiated control-word: Yes (Null)
> Incoming label: 800003, Outgoing label: 800004
>
> [edit]
> lab at r4#
>
> Thanks,
> Hoogen
>
>
>
> On Sun, Feb 14, 2010 at 10:32 PM, Sean Clarke <sean1207 at gmail.com>
> wrote:
>
> >
> > What are you connecting too ? Another Juniper ?
> >
> > Please send messages from both ends, also configs, and confirm
> interfaces
> > are UP on each end of the circuit.
> >
> > cheers
> > Sean
> >
> >
> >
> > On 2/15/10 2:43 AM, Hoogen wrote:
> >
> >> Hi All,
> >>
> >> I am having some issues with L2Vpn.. The circuit stays down.. and
> error
> >> messages don't say much... Appreciate it if someone help out here..
> >>
> >> [edit]
> >> lab at r4# Feb 15 01:44:04.829253 rt_flash_update_callback: flash
> >> vpnc-1-l2vpn
> >> (vpnc-1.l2vpn.0) start
> >> Feb 15 01:44:04.829288 Flash call for L2VPN from vpnc-1.L2VPN.0
> >> Feb 15 01:44:04.829300 Label-block (off 1, rng 1, label-base
800000,
> >> encaps
> >> 4) add from remote site 2 (RD 10.0.9.6:2:)
> >> Feb 15 01:44:04.829335 task_timer_ucreate: created timer vpnc-1-
> l2vpn_Site
> >> change flags<>
> >> Feb 15 01:44:04.829343 New site with site-id 2 configured on
> remote PE
> >> (RD 10.0.9.6:2:)
> >> Feb 15 01:44:04.829350 Remote Site 2 encaps type updated to 4
> >> Feb 15 01:44:04.829359 Site<remote site> ID 2: Starting timer for
> change
> >> processing, change flags 1C, reason: remote adv recv -- RD
> 10.0.9.6:2:
> >> Feb 15 01:44:04.829367 task_timer_reset: reset vpnc-1-l2vpn_Site
> change
> >> Feb 15 01:44:04.829378 task_timer_set_oneshot_latest: timer
> >> vpnc-1-l2vpn_Site change interval set to 0.046218
> >> Feb 15 01:44:04.829385 Flash processing complete for L2VPN from
> >> vpnc-1.L2VPN.0
> >> Feb 15 01:44:04.829401 rt_flash_update_callback: flash vpnc-1-l2vpn
> >> (vpnc-1.l2vpn.0) done
> >> Feb 15 01:44:04.889158 task_timer_dispatch: calling vpnc-1-
> l2vpn_Site
> >> change, late by 0.013
> >> Feb 15 01:44:04.889166 Handling change processing for remote-site
2:
> >> Feb 15 01:44:04.889172 Starting change processing for remote-site
2:
> flags
> >> 0x1c
> >> Feb 15 01:44:04.889181 Insert/update vc from local-site c1(1)
to
> >> remote-site 2
> >> Feb 15 01:44:04.889186 new vc
> >> Feb 15 01:44:04.889193 Insert/update vc (VPN : vpnc-1,
> local-site
> >> :
> >> 1, remote-site : 2)
> >> Feb 15 01:44:04.889224 circuit 0 updated to ge-0/0/2.600
> >> Feb 15 01:44:04.889230 updated circuit 0 to ge-0/0/2.600,
> status
> >> UP
> >> Feb 15 01:44:04.889236 add rti for ifl 300/16
> >> Feb 15 01:44:04.889241 add nhi: ifl ge-0/0/2.600, cw action
> STRIP
> >> Feb 15 01:44:04.889247 Triggering VC status update timer for
> intf
> >> ge-0/0/2.600
> >> Feb 15 01:44:04.889257 Ingress label changed to (800003)
> >> Feb 15 01:44:04.889264 add rti for ifl 0 label 800003 op
> 0/36
> >> Feb 15 01:44:04.889275 add route with prefix ifl 0 label
> 800003 op
> >> 0/36 and nexthop: ifl ge-0/0/2.600, cw action STRIP
> >> Feb 15 01:44:04.889299 updated ingress-label to 800003
> >> Feb 15 01:44:04.889305 Egress VPN label changed to (800000)
> >> Feb 15 01:44:04.889310 Route to remote PE updated
> >> Feb 15 01:44:04.889321 add nhi: indirect nexthop: 10.0.9.6,
> cw
> >> action ADD bw 0bps
> >> Feb 15 01:44:04.889330 add route with prefix ifl 300/16 and
> >> indirect
> >> nexthop: 10.0.9.6, cw action ADD, bw 0bps
> >> Feb 15 01:44:04.889367 Site change processing done for site<remote
> site>
> >> ID
> >> 2; cancelling running site change processing timer
> >> Feb 15 01:44:04.889375 task_timer_reset: reset vpnc-1-l2vpn_Site
> change
> >> Feb 15 01:44:04.889380 Handling change processing for remote-site 2
> done
> >> Feb 15 01:44:04.889386 task_timer_dispatch: returned from
> >> vpnc-1-l2vpn_Site
> >> change, rescheduled in 0
> >> Feb 15 01:44:04.889673 Route flash received from mpls.0 : Flash
> >> Feb 15 01:44:04.889683 Triggering VC status update timer for
> intf
> >> ge-0/0/2.600
> >> Feb 15 01:44:06.229230 rt_flash_update_callback: flash vpnc-1-l2vpn
> >> (vpnc-1.l2vpn.0) start
> >> Feb 15 01:44:06.229263 Flash call for L2VPN from vpnc-1.L2VPN.0
> >> Feb 15 01:44:06.229274 Label-block (off 1, rng 1, label-base
800000,
> >> encaps
> >> 4) add from remote site 2 (RD 10.0.9.6:2:)
> >> Feb 15 01:44:06.229286 Site<remote site> ID 2: Starting timer for
> change
> >> processing, change flags 18, reason: remote adv recv -- RD
> 10.0.9.6:2:
> >> Feb 15 01:44:06.229295 task_timer_reset: reset vpnc-1-l2vpn_Site
> change
> >> Feb 15 01:44:06.229307 task_timer_set_oneshot_latest: timer
> >> vpnc-1-l2vpn_Site change interval set to 0.046559
> >> Feb 15 01:44:06.229313 Flash processing complete for L2VPN from
> >> vpnc-1.L2VPN.0
> >> Feb 15 01:44:06.229320 rt_flash_update_callback: flash vpnc-1-l2vpn
> >> (vpnc-1.l2vpn.0) done
> >> Feb 15 01:44:06.289041 task_timer_dispatch: calling vpnc-1-
> l2vpn_Site
> >> change, late by 0.013
> >> Feb 15 01:44:06.289050 Handling change processing for remote-site
2:
> >> Feb 15 01:44:06.289056 Starting change processing for remote-site
2:
> flags
> >> 0x18
> >> Feb 15 01:44:06.289082 Insert/update vc from local-site c1(1)
to
> >> remote-site 2
> >> Feb 15 01:44:06.289090 Insert/update vc (VPN : vpnc-1,
> local-site
> >> :
> >> 1, remote-site : 2)
> >> Feb 15 01:44:06.289095 Triggering VC status update timer for
> intf
> >> ge-0/0/2.600
> >> Feb 15 01:44:06.289102 Site change processing done for site<remote
> site>
> >> ID
> >> 2; cancelling running site change processing timer
> >> Feb 15 01:44:06.289108 task_timer_reset: reset vpnc-1-l2vpn_Site
> change
> >> Feb 15 01:44:06.289113 Handling change processing for remote-site 2
> done
> >> Feb 15 01:44:06.289119 task_timer_dispatch: returned from
> >> vpnc-1-l2vpn_Site
> >> change, rescheduled in 0
> >> Feb 15 01:44:06.549028 Recomputing the status of the VC for
> interface :
> >> ge-0/0/2.600
> >>
> >>
> >> [edit]
> >> lab at r4# run show l2vpn connections extensive
> >> Layer-2 VPN connections:
> >>
> >> Legend for connection status (St)
> >> EI -- encapsulation invalid NC -- interface encapsulation not
> >> CCC/TCC/VPLS
> >> EM -- encapsulation mismatch WE -- interface and instance
encaps
> not
> >> same
> >> VC-Dn -- Virtual circuit down NP -- interface hardware not
> present
> >> CM -- control-word mismatch -> -- only outbound connection is
> up
> >> CN -- circuit not provisioned<- -- only inbound connection is up
> >> OR -- out of range Up -- operational
> >> OL -- no outgoing label Dn -- down
> >> LD -- local site signaled down CF -- call admission control
> failure
> >> RD -- remote site signaled down SC -- local and remote site ID
> collision
> >> LN -- local site not designated LM -- local site ID not minimum
> >> designated
> >> RN -- remote site not designated RM -- remote site ID not minimum
> >> designated
> >> XX -- unknown connection status IL -- no incoming label
> >>
> >> Legend for interface status
> >> Up -- operational
> >> Dn -- down
> >>
> >> Instance: vpnc-1
> >> Local site: c1 (1)
> >> Number of local interfaces: 1
> >> Number of local interfaces up: 1
> >> ge-0/0/2.600 2
> >> Interface flags: VC-Down
> >> 800002 1 2 100
> >> status-vector: 80
> >> connection-site Type St Time last up #
> Up
> >> trans
> >> * 2 rmt VC-Dn -----
> >> 0
> >> *
> >> Local interface: ge-0/0/2.600, Status: Up, Encapsulation:
VLAN
> >> Remote PE: 10.0.9.6, Negotiated control-word: Yes (Null)
> >> Incoming label: 800003, Outgoing label: 800000
> >> Time Event
> Interface/Lbl/PE
> >> Feb 15 01:44:04 2010 PE route changed
> >> Feb 15 01:44:04 2010 Out lbl Update
> 800000
> >> Feb 15 01:44:04 2010 In lbl Update
> 800003
> >> Feb 15 01:44:04 2010 loc intf up ge-
> 0/0/2.600
> >>
> >> [edit]
> >> lab at r4#
> >>
> >> Thanks,
> >> Hoogen
> >> _______________________________________________
> >> juniper-nsp mailing list juniper-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >>
> >>
> >
> >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list