[j-nsp] L2VPN debugging...
Phil Bedard
philxor at gmail.com
Mon Feb 15 10:08:27 EST 2010
What do your L2VPN routes look like on all of the BGP speaking routers? Is there a labeled route in inet.3 to the far-end PE?
Phil
On Feb 15, 2010, at 2:10 AM, Hoogen wrote:
> Connection is as follows
>
> C1--R4--R5--R6--C2... R4-R5 are cbgp connections.. R5-R6 is a ibgp
> connections. R5 is a route reflector. R4 and R6 are PE's C1 and C2 are CE's
>
> The topology is similar to the JNCIE book by Harry Reynolds..
>
> R4 Configuration
>
> lab at r4# show interfaces ge-0/0/2
> vlan-tagging;
> encapsulation vlan-ccc;
> unit 0 {
> bandwidth 100m;
> vlan-id 1;
> family inet {
> address 172.16.0.5/30;
> }
> }
> unit 600 {
> encapsulation vlan-ccc;
> bandwidth 100m;
> vlan-id 600;
> }
>
> [edit]
> lab at r4#
>
> lab at r4# show protocols bgp
> group cbgp {
> type external;
> export ibgp;
> peer-as 65001;
> neighbor 10.0.2.9 {
> family inet {
> unicast;
> }
> family inet-vpn {
> unicast;
> }
> family l2vpn {
> signaling;
> }
> }
> }
>
> lab at r4# show routing-instances
> vpnc-1 {
> instance-type l2vpn;
> interface ge-0/0/2.600;
> route-distinguisher 10.0.3.4:1;
> vrf-import c1-import;
> vrf-export c1-export;
> protocols {
> l2vpn {
> encapsulation-type ethernet-vlan;
> site c1 {
> site-identifier 1;
> interface ge-0/0/2.600;
> }
> }
> }
> }
>
> lab at r4# run show interfaces terse ge-0/0/2
> Interface Admin Link Proto Local Remote
> ge-0/0/2 up up
> ge-0/0/2.0 up up inet 172.16.0.5/30
> ge-0/0/2.600 up up ccc
> ge-0/0/2.32767 up up
>
> [edit]
> lab at r4#
>
> lab at r4# run show mpls lsp ingress
> Ingress LSP: 2 sessions
> To From State Rt ActivePath P LSPname
> *10.0.9.6 10.0.3.4 Up 0 * r4-r6*
> 10.0.9.7 10.0.3.4 Up 0 * r4-r7
> Total 2 displayed, Up 2, Down 0
>
> [edit]
> lab at r4#
>
> lab at r4# show policy-options
> policy-statement c1-export {
> term 1 {
> then {
> community add c1-c2-rt;
> accept;
> }
> }
> }
> policy-statement c1-import {
> term 1 {
> from {
> protocol bgp;
> community c1-c2-rt;
> }
> then accept;
> }
> }
> community c1-c2-rt members target:65412:300;
>
> [edit]
> lab at r4#
>
>
> lab at r5# show routing-options
> rib inet.3 {
> static {
> route 0.0.0.0/0 discard;
> }
> }
> autonomous-system 65001;
> confederation 65412 members [ 65000 65001 ];
>
> [edit]
> lab at r5#
>
> lab at r5# show protocols bgp
> group cbgp {
> type external;
> peer-as 65000;
> neighbor 10.0.2.2;
> neighbor 10.0.2.10 {
> family inet {
> unicast;
> }
> family inet-vpn {
> unicast;
> }
> family l2vpn {
> signaling;
> }
> }
> }
> group cluster-2 {
> type internal;
> local-address 10.0.3.5;
> cluster 2.2.2.2;
> neighbor 10.0.9.6 {
> family inet {
> unicast;
> }
> family inet-vpn {
> unicast;
> }
> family l2vpn {
> signaling;
> }
> }
> }
>
> [edit]
> lab at r5#
>
> lab at r6# show protocols bgp
> group cluster-2 {
> type internal;
> local-address 10.0.9.6;
> export ibgp;
> neighbor 10.0.3.5 {
> family inet {
> unicast;
> }
> family inet-vpn {
> unicast;
> }
> family l2vpn {
> signaling;
> }
> }
> }
>
> [edit]
> lab at r6#
>
> lab at r6# run show interfaces terse ge-0/0/1
> Interface Admin Link Proto Local Remote
> ge-0/0/1 up up
> ge-0/0/1.0 up up inet 172.16.0.9/30
> ge-0/0/1.600 up up ccc
> ge-0/0/1.32767 up up
>
> [edit]
> lab at r6#
>
> lab at r6# show routing-instances
> vpna-2 {
> instance-type vrf;
> interface ge-0/0/1.0;
> route-distinguisher 65412:302;
> vrf-target {
> import target:65412:301;
> export target:65412:302;
> }
> protocols {
> bgp {
> group c2 {
> type external;
> peer-as 65020;
> neighbor 172.16.0.10;
> }
> }
> }
> }
> vpnc-1 {
> instance-type l2vpn;
> interface ge-0/0/1.600;
> route-distinguisher 10.0.9.6:2;
> vrf-import c2-import;
> vrf-export c2-export;
> protocols {
> l2vpn {
> encapsulation-type ethernet-vlan;
> site c2 {
> site-identifier 2;
> interface ge-0/0/1.600;
> }
> }
> }
> }
>
> [edit]
> lab at r6#
>
>
> lab at r6# run show mpls lsp ingress
> Ingress LSP: 3 sessions
> To From State Rt ActivePath P LSPname
> *10.0.3.4 10.0.9.6 Up 0 * r6-r4*
> 10.0.6.2 10.0.9.6 Up 1 use-r1 * lsp-c
> 10.0.9.7 10.0.9.6 Up 0 * r6-r7
> Total 3 displayed, Up 3, Down 0
>
> [edit]
> lab at r6#
>
> lab at r4# show policy-options
> policy-statement c2-export {
> term 1 {
> then {
> community add c1-c2-rt;
> accept;
> }
> }
> }
> policy-statement c2-import {
> term 1 {
> from {
> protocol bgp;
> community c1-c2-rt;
> }
> then accept;
> }
> }
> community c1-c2-rt members target:65412:300;
>
> [edit]
> lab at r6#
>
> Hopefully I have covered all the configurations here... It is a Juniper to
> Juniper scenario.. I am using J-Series with code 8.3R4.3 . Do let me know if
> you do need more information... VC-Dn status usually would mean lsp to
> neighbor not present.. But that's not the case in my scenario... Any input
> is highly appreciated...
> lab at r4# run show l2vpn connections
> Layer-2 VPN connections:
>
> Legend for connection status (St)
> EI -- encapsulation invalid NC -- interface encapsulation not
> CCC/TCC/VPLS
> EM -- encapsulation mismatch WE -- interface and instance encaps not
> same
> VC-Dn -- Virtual circuit down NP -- interface hardware not present
> CM -- control-word mismatch -> -- only outbound connection is up
> CN -- circuit not provisioned <- -- only inbound connection is up
> OR -- out of range Up -- operational
> OL -- no outgoing label Dn -- down
> LD -- local site signaled down CF -- call admission control failure
> RD -- remote site signaled down SC -- local and remote site ID collision
> LN -- local site not designated LM -- local site ID not minimum designated
> RN -- remote site not designated RM -- remote site ID not minimum designated
> XX -- unknown connection status IL -- no incoming label
>
> Legend for interface status
> Up -- operational
> Dn -- down
>
> Instance: vpnc-1
> Local site: c1 (1)
> connection-site Type St Time last up # Up trans
> 2 rmt VC-Dn ----- 0
> Local interface: ge-0/0/2.600, Status: Up, Encapsulation: VLAN
> Remote PE: 10.0.9.6, Negotiated control-word: Yes (Null)
> Incoming label: 800003, Outgoing label: 800004
>
> [edit]
> lab at r4#
>
> Thanks,
> Hoogen
>
>
>
> On Sun, Feb 14, 2010 at 10:32 PM, Sean Clarke <sean1207 at gmail.com> wrote:
>
>>
>> What are you connecting too ? Another Juniper ?
>>
>> Please send messages from both ends, also configs, and confirm interfaces
>> are UP on each end of the circuit.
>>
>> cheers
>> Sean
>>
>>
>>
>> On 2/15/10 2:43 AM, Hoogen wrote:
>>
>>> Hi All,
>>>
>>> I am having some issues with L2Vpn.. The circuit stays down.. and error
>>> messages don't say much... Appreciate it if someone help out here..
>>>
>>> [edit]
>>> lab at r4# Feb 15 01:44:04.829253 rt_flash_update_callback: flash
>>> vpnc-1-l2vpn
>>> (vpnc-1.l2vpn.0) start
>>> Feb 15 01:44:04.829288 Flash call for L2VPN from vpnc-1.L2VPN.0
>>> Feb 15 01:44:04.829300 Label-block (off 1, rng 1, label-base 800000,
>>> encaps
>>> 4) add from remote site 2 (RD 10.0.9.6:2:)
>>> Feb 15 01:44:04.829335 task_timer_ucreate: created timer vpnc-1-l2vpn_Site
>>> change flags<>
>>> Feb 15 01:44:04.829343 New site with site-id 2 configured on remote PE
>>> (RD 10.0.9.6:2:)
>>> Feb 15 01:44:04.829350 Remote Site 2 encaps type updated to 4
>>> Feb 15 01:44:04.829359 Site<remote site> ID 2: Starting timer for change
>>> processing, change flags 1C, reason: remote adv recv -- RD 10.0.9.6:2:
>>> Feb 15 01:44:04.829367 task_timer_reset: reset vpnc-1-l2vpn_Site change
>>> Feb 15 01:44:04.829378 task_timer_set_oneshot_latest: timer
>>> vpnc-1-l2vpn_Site change interval set to 0.046218
>>> Feb 15 01:44:04.829385 Flash processing complete for L2VPN from
>>> vpnc-1.L2VPN.0
>>> Feb 15 01:44:04.829401 rt_flash_update_callback: flash vpnc-1-l2vpn
>>> (vpnc-1.l2vpn.0) done
>>> Feb 15 01:44:04.889158 task_timer_dispatch: calling vpnc-1-l2vpn_Site
>>> change, late by 0.013
>>> Feb 15 01:44:04.889166 Handling change processing for remote-site 2:
>>> Feb 15 01:44:04.889172 Starting change processing for remote-site 2: flags
>>> 0x1c
>>> Feb 15 01:44:04.889181 Insert/update vc from local-site c1(1) to
>>> remote-site 2
>>> Feb 15 01:44:04.889186 new vc
>>> Feb 15 01:44:04.889193 Insert/update vc (VPN : vpnc-1, local-site
>>> :
>>> 1, remote-site : 2)
>>> Feb 15 01:44:04.889224 circuit 0 updated to ge-0/0/2.600
>>> Feb 15 01:44:04.889230 updated circuit 0 to ge-0/0/2.600, status
>>> UP
>>> Feb 15 01:44:04.889236 add rti for ifl 300/16
>>> Feb 15 01:44:04.889241 add nhi: ifl ge-0/0/2.600, cw action STRIP
>>> Feb 15 01:44:04.889247 Triggering VC status update timer for intf
>>> ge-0/0/2.600
>>> Feb 15 01:44:04.889257 Ingress label changed to (800003)
>>> Feb 15 01:44:04.889264 add rti for ifl 0 label 800003 op 0/36
>>> Feb 15 01:44:04.889275 add route with prefix ifl 0 label 800003 op
>>> 0/36 and nexthop: ifl ge-0/0/2.600, cw action STRIP
>>> Feb 15 01:44:04.889299 updated ingress-label to 800003
>>> Feb 15 01:44:04.889305 Egress VPN label changed to (800000)
>>> Feb 15 01:44:04.889310 Route to remote PE updated
>>> Feb 15 01:44:04.889321 add nhi: indirect nexthop: 10.0.9.6, cw
>>> action ADD bw 0bps
>>> Feb 15 01:44:04.889330 add route with prefix ifl 300/16 and
>>> indirect
>>> nexthop: 10.0.9.6, cw action ADD, bw 0bps
>>> Feb 15 01:44:04.889367 Site change processing done for site<remote site>
>>> ID
>>> 2; cancelling running site change processing timer
>>> Feb 15 01:44:04.889375 task_timer_reset: reset vpnc-1-l2vpn_Site change
>>> Feb 15 01:44:04.889380 Handling change processing for remote-site 2 done
>>> Feb 15 01:44:04.889386 task_timer_dispatch: returned from
>>> vpnc-1-l2vpn_Site
>>> change, rescheduled in 0
>>> Feb 15 01:44:04.889673 Route flash received from mpls.0 : Flash
>>> Feb 15 01:44:04.889683 Triggering VC status update timer for intf
>>> ge-0/0/2.600
>>> Feb 15 01:44:06.229230 rt_flash_update_callback: flash vpnc-1-l2vpn
>>> (vpnc-1.l2vpn.0) start
>>> Feb 15 01:44:06.229263 Flash call for L2VPN from vpnc-1.L2VPN.0
>>> Feb 15 01:44:06.229274 Label-block (off 1, rng 1, label-base 800000,
>>> encaps
>>> 4) add from remote site 2 (RD 10.0.9.6:2:)
>>> Feb 15 01:44:06.229286 Site<remote site> ID 2: Starting timer for change
>>> processing, change flags 18, reason: remote adv recv -- RD 10.0.9.6:2:
>>> Feb 15 01:44:06.229295 task_timer_reset: reset vpnc-1-l2vpn_Site change
>>> Feb 15 01:44:06.229307 task_timer_set_oneshot_latest: timer
>>> vpnc-1-l2vpn_Site change interval set to 0.046559
>>> Feb 15 01:44:06.229313 Flash processing complete for L2VPN from
>>> vpnc-1.L2VPN.0
>>> Feb 15 01:44:06.229320 rt_flash_update_callback: flash vpnc-1-l2vpn
>>> (vpnc-1.l2vpn.0) done
>>> Feb 15 01:44:06.289041 task_timer_dispatch: calling vpnc-1-l2vpn_Site
>>> change, late by 0.013
>>> Feb 15 01:44:06.289050 Handling change processing for remote-site 2:
>>> Feb 15 01:44:06.289056 Starting change processing for remote-site 2: flags
>>> 0x18
>>> Feb 15 01:44:06.289082 Insert/update vc from local-site c1(1) to
>>> remote-site 2
>>> Feb 15 01:44:06.289090 Insert/update vc (VPN : vpnc-1, local-site
>>> :
>>> 1, remote-site : 2)
>>> Feb 15 01:44:06.289095 Triggering VC status update timer for intf
>>> ge-0/0/2.600
>>> Feb 15 01:44:06.289102 Site change processing done for site<remote site>
>>> ID
>>> 2; cancelling running site change processing timer
>>> Feb 15 01:44:06.289108 task_timer_reset: reset vpnc-1-l2vpn_Site change
>>> Feb 15 01:44:06.289113 Handling change processing for remote-site 2 done
>>> Feb 15 01:44:06.289119 task_timer_dispatch: returned from
>>> vpnc-1-l2vpn_Site
>>> change, rescheduled in 0
>>> Feb 15 01:44:06.549028 Recomputing the status of the VC for interface :
>>> ge-0/0/2.600
>>>
>>>
>>> [edit]
>>> lab at r4# run show l2vpn connections extensive
>>> Layer-2 VPN connections:
>>>
>>> Legend for connection status (St)
>>> EI -- encapsulation invalid NC -- interface encapsulation not
>>> CCC/TCC/VPLS
>>> EM -- encapsulation mismatch WE -- interface and instance encaps not
>>> same
>>> VC-Dn -- Virtual circuit down NP -- interface hardware not present
>>> CM -- control-word mismatch -> -- only outbound connection is up
>>> CN -- circuit not provisioned<- -- only inbound connection is up
>>> OR -- out of range Up -- operational
>>> OL -- no outgoing label Dn -- down
>>> LD -- local site signaled down CF -- call admission control failure
>>> RD -- remote site signaled down SC -- local and remote site ID collision
>>> LN -- local site not designated LM -- local site ID not minimum
>>> designated
>>> RN -- remote site not designated RM -- remote site ID not minimum
>>> designated
>>> XX -- unknown connection status IL -- no incoming label
>>>
>>> Legend for interface status
>>> Up -- operational
>>> Dn -- down
>>>
>>> Instance: vpnc-1
>>> Local site: c1 (1)
>>> Number of local interfaces: 1
>>> Number of local interfaces up: 1
>>> ge-0/0/2.600 2
>>> Interface flags: VC-Down
>>> 800002 1 2 100
>>> status-vector: 80
>>> connection-site Type St Time last up # Up
>>> trans
>>> * 2 rmt VC-Dn -----
>>> 0
>>> *
>>> Local interface: ge-0/0/2.600, Status: Up, Encapsulation: VLAN
>>> Remote PE: 10.0.9.6, Negotiated control-word: Yes (Null)
>>> Incoming label: 800003, Outgoing label: 800000
>>> Time Event Interface/Lbl/PE
>>> Feb 15 01:44:04 2010 PE route changed
>>> Feb 15 01:44:04 2010 Out lbl Update 800000
>>> Feb 15 01:44:04 2010 In lbl Update 800003
>>> Feb 15 01:44:04 2010 loc intf up ge-0/0/2.600
>>>
>>> [edit]
>>> lab at r4#
>>>
>>> Thanks,
>>> Hoogen
>>> _______________________________________________
>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>
>>>
>>
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list