[j-nsp] L2VPN debugging...
Nilesh Khambal
nkhambal at juniper.net
Mon Feb 15 10:48:41 EST 2010
Do the core facing interfaces on R4 and R6 have "family mpls" enabled. Doesn't look like it is enabled, from the attached config snippet. Also, make sure both core facing interfaces on R5, towards R4 and R6 have "family mpls" turned on.
Thanks,
Nilesh.
----- Original Message -----
From: juniper-nsp-bounces at puck.nether.net <juniper-nsp-bounces at puck.nether.net>
To: Sean Clarke <sean1207 at gmail.com>; mtinka at globaltransit.net <mtinka at globaltransit.net>
Cc: juniper-nsp at puck.nether.net <juniper-nsp at puck.nether.net>
Sent: Sun Feb 14 23:10:43 2010
Subject: Re: [j-nsp] L2VPN debugging...
Connection is as follows
C1--R4--R5--R6--C2... R4-R5 are cbgp connections.. R5-R6 is a ibgp
connections. R5 is a route reflector. R4 and R6 are PE's C1 and C2 are CE's
The topology is similar to the JNCIE book by Harry Reynolds..
R4 Configuration
lab at r4# show interfaces ge-0/0/2
vlan-tagging;
encapsulation vlan-ccc;
unit 0 {
bandwidth 100m;
vlan-id 1;
family inet {
address 172.16.0.5/30;
}
}
unit 600 {
encapsulation vlan-ccc;
bandwidth 100m;
vlan-id 600;
}
[edit]
lab at r4#
lab at r4# show protocols bgp
group cbgp {
type external;
export ibgp;
peer-as 65001;
neighbor 10.0.2.9 {
family inet {
unicast;
}
family inet-vpn {
unicast;
}
family l2vpn {
signaling;
}
}
}
lab at r4# show routing-instances
vpnc-1 {
instance-type l2vpn;
interface ge-0/0/2.600;
route-distinguisher 10.0.3.4:1;
vrf-import c1-import;
vrf-export c1-export;
protocols {
l2vpn {
encapsulation-type ethernet-vlan;
site c1 {
site-identifier 1;
interface ge-0/0/2.600;
}
}
}
}
lab at r4# run show interfaces terse ge-0/0/2
Interface Admin Link Proto Local Remote
ge-0/0/2 up up
ge-0/0/2.0 up up inet 172.16.0.5/30
ge-0/0/2.600 up up ccc
ge-0/0/2.32767 up up
[edit]
lab at r4#
lab at r4# run show mpls lsp ingress
Ingress LSP: 2 sessions
To From State Rt ActivePath P LSPname
*10.0.9.6 10.0.3.4 Up 0 * r4-r6*
10.0.9.7 10.0.3.4 Up 0 * r4-r7
Total 2 displayed, Up 2, Down 0
[edit]
lab at r4#
lab at r4# show policy-options
policy-statement c1-export {
term 1 {
then {
community add c1-c2-rt;
accept;
}
}
}
policy-statement c1-import {
term 1 {
from {
protocol bgp;
community c1-c2-rt;
}
then accept;
}
}
community c1-c2-rt members target:65412:300;
[edit]
lab at r4#
lab at r5# show routing-options
rib inet.3 {
static {
route 0.0.0.0/0 discard;
}
}
autonomous-system 65001;
confederation 65412 members [ 65000 65001 ];
[edit]
lab at r5#
lab at r5# show protocols bgp
group cbgp {
type external;
peer-as 65000;
neighbor 10.0.2.2;
neighbor 10.0.2.10 {
family inet {
unicast;
}
family inet-vpn {
unicast;
}
family l2vpn {
signaling;
}
}
}
group cluster-2 {
type internal;
local-address 10.0.3.5;
cluster 2.2.2.2;
neighbor 10.0.9.6 {
family inet {
unicast;
}
family inet-vpn {
unicast;
}
family l2vpn {
signaling;
}
}
}
[edit]
lab at r5#
lab at r6# show protocols bgp
group cluster-2 {
type internal;
local-address 10.0.9.6;
export ibgp;
neighbor 10.0.3.5 {
family inet {
unicast;
}
family inet-vpn {
unicast;
}
family l2vpn {
signaling;
}
}
}
[edit]
lab at r6#
lab at r6# run show interfaces terse ge-0/0/1
Interface Admin Link Proto Local Remote
ge-0/0/1 up up
ge-0/0/1.0 up up inet 172.16.0.9/30
ge-0/0/1.600 up up ccc
ge-0/0/1.32767 up up
[edit]
lab at r6#
lab at r6# show routing-instances
vpna-2 {
instance-type vrf;
interface ge-0/0/1.0;
route-distinguisher 65412:302;
vrf-target {
import target:65412:301;
export target:65412:302;
}
protocols {
bgp {
group c2 {
type external;
peer-as 65020;
neighbor 172.16.0.10;
}
}
}
}
vpnc-1 {
instance-type l2vpn;
interface ge-0/0/1.600;
route-distinguisher 10.0.9.6:2;
vrf-import c2-import;
vrf-export c2-export;
protocols {
l2vpn {
encapsulation-type ethernet-vlan;
site c2 {
site-identifier 2;
interface ge-0/0/1.600;
}
}
}
}
[edit]
lab at r6#
lab at r6# run show mpls lsp ingress
Ingress LSP: 3 sessions
To From State Rt ActivePath P LSPname
*10.0.3.4 10.0.9.6 Up 0 * r6-r4*
10.0.6.2 10.0.9.6 Up 1 use-r1 * lsp-c
10.0.9.7 10.0.9.6 Up 0 * r6-r7
Total 3 displayed, Up 3, Down 0
[edit]
lab at r6#
lab at r4# show policy-options
policy-statement c2-export {
term 1 {
then {
community add c1-c2-rt;
accept;
}
}
}
policy-statement c2-import {
term 1 {
from {
protocol bgp;
community c1-c2-rt;
}
then accept;
}
}
community c1-c2-rt members target:65412:300;
[edit]
lab at r6#
Hopefully I have covered all the configurations here... It is a Juniper to
Juniper scenario.. I am using J-Series with code 8.3R4.3 . Do let me know if
you do need more information... VC-Dn status usually would mean lsp to
neighbor not present.. But that's not the case in my scenario... Any input
is highly appreciated...
lab at r4# run show l2vpn connections
Layer-2 VPN connections:
Legend for connection status (St)
EI -- encapsulation invalid NC -- interface encapsulation not
CCC/TCC/VPLS
EM -- encapsulation mismatch WE -- interface and instance encaps not
same
VC-Dn -- Virtual circuit down NP -- interface hardware not present
CM -- control-word mismatch -> -- only outbound connection is up
CN -- circuit not provisioned <- -- only inbound connection is up
OR -- out of range Up -- operational
OL -- no outgoing label Dn -- down
LD -- local site signaled down CF -- call admission control failure
RD -- remote site signaled down SC -- local and remote site ID collision
LN -- local site not designated LM -- local site ID not minimum designated
RN -- remote site not designated RM -- remote site ID not minimum designated
XX -- unknown connection status IL -- no incoming label
Legend for interface status
Up -- operational
Dn -- down
Instance: vpnc-1
Local site: c1 (1)
connection-site Type St Time last up # Up trans
2 rmt VC-Dn ----- 0
Local interface: ge-0/0/2.600, Status: Up, Encapsulation: VLAN
Remote PE: 10.0.9.6, Negotiated control-word: Yes (Null)
Incoming label: 800003, Outgoing label: 800004
[edit]
lab at r4#
Thanks,
Hoogen
On Sun, Feb 14, 2010 at 10:32 PM, Sean Clarke <sean1207 at gmail.com> wrote:
>
> What are you connecting too ? Another Juniper ?
>
> Please send messages from both ends, also configs, and confirm interfaces
> are UP on each end of the circuit.
>
> cheers
> Sean
>
>
>
> On 2/15/10 2:43 AM, Hoogen wrote:
>
>> Hi All,
>>
>> I am having some issues with L2Vpn.. The circuit stays down.. and error
>> messages don't say much... Appreciate it if someone help out here..
>>
>> [edit]
>> lab at r4# Feb 15 01:44:04.829253 rt_flash_update_callback: flash
>> vpnc-1-l2vpn
>> (vpnc-1.l2vpn.0) start
>> Feb 15 01:44:04.829288 Flash call for L2VPN from vpnc-1.L2VPN.0
>> Feb 15 01:44:04.829300 Label-block (off 1, rng 1, label-base 800000,
>> encaps
>> 4) add from remote site 2 (RD 10.0.9.6:2:)
>> Feb 15 01:44:04.829335 task_timer_ucreate: created timer vpnc-1-l2vpn_Site
>> change flags<>
>> Feb 15 01:44:04.829343 New site with site-id 2 configured on remote PE
>> (RD 10.0.9.6:2:)
>> Feb 15 01:44:04.829350 Remote Site 2 encaps type updated to 4
>> Feb 15 01:44:04.829359 Site<remote site> ID 2: Starting timer for change
>> processing, change flags 1C, reason: remote adv recv -- RD 10.0.9.6:2:
>> Feb 15 01:44:04.829367 task_timer_reset: reset vpnc-1-l2vpn_Site change
>> Feb 15 01:44:04.829378 task_timer_set_oneshot_latest: timer
>> vpnc-1-l2vpn_Site change interval set to 0.046218
>> Feb 15 01:44:04.829385 Flash processing complete for L2VPN from
>> vpnc-1.L2VPN.0
>> Feb 15 01:44:04.829401 rt_flash_update_callback: flash vpnc-1-l2vpn
>> (vpnc-1.l2vpn.0) done
>> Feb 15 01:44:04.889158 task_timer_dispatch: calling vpnc-1-l2vpn_Site
>> change, late by 0.013
>> Feb 15 01:44:04.889166 Handling change processing for remote-site 2:
>> Feb 15 01:44:04.889172 Starting change processing for remote-site 2: flags
>> 0x1c
>> Feb 15 01:44:04.889181 Insert/update vc from local-site c1(1) to
>> remote-site 2
>> Feb 15 01:44:04.889186 new vc
>> Feb 15 01:44:04.889193 Insert/update vc (VPN : vpnc-1, local-site
>> :
>> 1, remote-site : 2)
>> Feb 15 01:44:04.889224 circuit 0 updated to ge-0/0/2.600
>> Feb 15 01:44:04.889230 updated circuit 0 to ge-0/0/2.600, status
>> UP
>> Feb 15 01:44:04.889236 add rti for ifl 300/16
>> Feb 15 01:44:04.889241 add nhi: ifl ge-0/0/2.600, cw action STRIP
>> Feb 15 01:44:04.889247 Triggering VC status update timer for intf
>> ge-0/0/2.600
>> Feb 15 01:44:04.889257 Ingress label changed to (800003)
>> Feb 15 01:44:04.889264 add rti for ifl 0 label 800003 op 0/36
>> Feb 15 01:44:04.889275 add route with prefix ifl 0 label 800003 op
>> 0/36 and nexthop: ifl ge-0/0/2.600, cw action STRIP
>> Feb 15 01:44:04.889299 updated ingress-label to 800003
>> Feb 15 01:44:04.889305 Egress VPN label changed to (800000)
>> Feb 15 01:44:04.889310 Route to remote PE updated
>> Feb 15 01:44:04.889321 add nhi: indirect nexthop: 10.0.9.6, cw
>> action ADD bw 0bps
>> Feb 15 01:44:04.889330 add route with prefix ifl 300/16 and
>> indirect
>> nexthop: 10.0.9.6, cw action ADD, bw 0bps
>> Feb 15 01:44:04.889367 Site change processing done for site<remote site>
>> ID
>> 2; cancelling running site change processing timer
>> Feb 15 01:44:04.889375 task_timer_reset: reset vpnc-1-l2vpn_Site change
>> Feb 15 01:44:04.889380 Handling change processing for remote-site 2 done
>> Feb 15 01:44:04.889386 task_timer_dispatch: returned from
>> vpnc-1-l2vpn_Site
>> change, rescheduled in 0
>> Feb 15 01:44:04.889673 Route flash received from mpls.0 : Flash
>> Feb 15 01:44:04.889683 Triggering VC status update timer for intf
>> ge-0/0/2.600
>> Feb 15 01:44:06.229230 rt_flash_update_callback: flash vpnc-1-l2vpn
>> (vpnc-1.l2vpn.0) start
>> Feb 15 01:44:06.229263 Flash call for L2VPN from vpnc-1.L2VPN.0
>> Feb 15 01:44:06.229274 Label-block (off 1, rng 1, label-base 800000,
>> encaps
>> 4) add from remote site 2 (RD 10.0.9.6:2:)
>> Feb 15 01:44:06.229286 Site<remote site> ID 2: Starting timer for change
>> processing, change flags 18, reason: remote adv recv -- RD 10.0.9.6:2:
>> Feb 15 01:44:06.229295 task_timer_reset: reset vpnc-1-l2vpn_Site change
>> Feb 15 01:44:06.229307 task_timer_set_oneshot_latest: timer
>> vpnc-1-l2vpn_Site change interval set to 0.046559
>> Feb 15 01:44:06.229313 Flash processing complete for L2VPN from
>> vpnc-1.L2VPN.0
>> Feb 15 01:44:06.229320 rt_flash_update_callback: flash vpnc-1-l2vpn
>> (vpnc-1.l2vpn.0) done
>> Feb 15 01:44:06.289041 task_timer_dispatch: calling vpnc-1-l2vpn_Site
>> change, late by 0.013
>> Feb 15 01:44:06.289050 Handling change processing for remote-site 2:
>> Feb 15 01:44:06.289056 Starting change processing for remote-site 2: flags
>> 0x18
>> Feb 15 01:44:06.289082 Insert/update vc from local-site c1(1) to
>> remote-site 2
>> Feb 15 01:44:06.289090 Insert/update vc (VPN : vpnc-1, local-site
>> :
>> 1, remote-site : 2)
>> Feb 15 01:44:06.289095 Triggering VC status update timer for intf
>> ge-0/0/2.600
>> Feb 15 01:44:06.289102 Site change processing done for site<remote site>
>> ID
>> 2; cancelling running site change processing timer
>> Feb 15 01:44:06.289108 task_timer_reset: reset vpnc-1-l2vpn_Site change
>> Feb 15 01:44:06.289113 Handling change processing for remote-site 2 done
>> Feb 15 01:44:06.289119 task_timer_dispatch: returned from
>> vpnc-1-l2vpn_Site
>> change, rescheduled in 0
>> Feb 15 01:44:06.549028 Recomputing the status of the VC for interface :
>> ge-0/0/2.600
>>
>>
>> [edit]
>> lab at r4# run show l2vpn connections extensive
>> Layer-2 VPN connections:
>>
>> Legend for connection status (St)
>> EI -- encapsulation invalid NC -- interface encapsulation not
>> CCC/TCC/VPLS
>> EM -- encapsulation mismatch WE -- interface and instance encaps not
>> same
>> VC-Dn -- Virtual circuit down NP -- interface hardware not present
>> CM -- control-word mismatch -> -- only outbound connection is up
>> CN -- circuit not provisioned<- -- only inbound connection is up
>> OR -- out of range Up -- operational
>> OL -- no outgoing label Dn -- down
>> LD -- local site signaled down CF -- call admission control failure
>> RD -- remote site signaled down SC -- local and remote site ID collision
>> LN -- local site not designated LM -- local site ID not minimum
>> designated
>> RN -- remote site not designated RM -- remote site ID not minimum
>> designated
>> XX -- unknown connection status IL -- no incoming label
>>
>> Legend for interface status
>> Up -- operational
>> Dn -- down
>>
>> Instance: vpnc-1
>> Local site: c1 (1)
>> Number of local interfaces: 1
>> Number of local interfaces up: 1
>> ge-0/0/2.600 2
>> Interface flags: VC-Down
>> 800002 1 2 100
>> status-vector: 80
>> connection-site Type St Time last up # Up
>> trans
>> * 2 rmt VC-Dn -----
>> 0
>> *
>> Local interface: ge-0/0/2.600, Status: Up, Encapsulation: VLAN
>> Remote PE: 10.0.9.6, Negotiated control-word: Yes (Null)
>> Incoming label: 800003, Outgoing label: 800000
>> Time Event Interface/Lbl/PE
>> Feb 15 01:44:04 2010 PE route changed
>> Feb 15 01:44:04 2010 Out lbl Update 800000
>> Feb 15 01:44:04 2010 In lbl Update 800003
>> Feb 15 01:44:04 2010 loc intf up ge-0/0/2.600
>>
>> [edit]
>> lab at r4#
>>
>> Thanks,
>> Hoogen
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list