Mpls l3vpn Tecmpl-3201
Troubleshooting MPLS – On All Cisco Platforms
Vinit Jain – CCIE# 22854
@vinugenie
Brad Edgeworth – CCIE# 31574
@bradedgeworth
TECMPL-3201
Agenda
• Troubleshooting LDP Issues
• BGP, LDP, RSVP
• Troubleshooting MPLS LSP
• OAM, Multipath Trace
• Troubleshooting MPLS L3 VPNs
• Troubleshooting PE-CE Interaction (RD, RT, VPN Services)
• Interactions with Traffic Engineering
• Segment Routing
• Migration
• On Demand Next-Hop (ODN)
#CLUS TECMPL-3201 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
MPLS Trivia
Question
Fun with MPLS Trivia
R1, R2, R3, R4 and R5 all have OSPF and MPLS enabled.
What changes can be made on R2 and/or R3 to prevent only R1’s
Loopback (192.168.1.1) from pinging R5’s Loopback (192.168.5.5)?
We will explain some of the concepts that make this work.
R1 R2 R3 R4 R5
Establishing Adjacency & Swapping Labels
Populating the RIB
• First the IGP (OSPF / IS-IS) is established and routes are
exchanged between all routers
R1 R2 R3 R4
Establishing Adjacency & Swapping Labels
Creating the Local Labels
• Local Labels are automatically generated for all prefixes in the RIB.
(MPLS Label 3 is reserved for Implicit-Null – directly connected routes)
• This includes local network prefixes
In     Out                             |  In     Out                             |  In     Out
Label  Label  Network        Out Int   |  Label  Label  Network        Out Int   |  Label  Label  Network        Out Int
3      -      10.1.0.0/16    Gi0/2     |  200    N/A    10.1.0.0/16    Gi0/0     |  300    N/A    10.1.0.0/16    Gi0/0
3      -      10.1.1.0/24    Gi0/1     |  201    N/A    10.1.1.0/24    Gi0/0     |  301    N/A    10.1.1.0/24    Gi0/0
3      -      10.12.1.0/24   Gi0/0     |  3      -      10.12.1.0/24   Gi0/0     |  302    N/A    10.12.1.0/24   Gi0/0
103    N/A    10.23.1.0/24   Gi0/0     |  3      -      10.23.1.0/24   Gi0/1     |  3      -      10.23.1.0/24   Gi0/0
104    N/A    10.34.1.0/24   Gi0/0     |  204    N/A    10.34.1.0/24   Gi0/1     |  3      -      10.34.1.0/24   Gi0/0
105    N/A    10.4.0.0/16    Gi0/0     |  205    N/A    10.4.0.0/16    Gi0/1     |  305    N/A    10.4.0.0/16    Gi0/1
106    N/A    10.4.4.0/24    Gi0/0     |  206    N/A    10.4.4.0/24    Gi0/1     |  306    N/A    10.4.4.0/24    Gi0/1
R1 R2 R3 R4
Establishing Adjacency & Swapping Labels
• Local Labels are exchanged with downstream routers
• Labels are all exchanged at the same time.
(This animation was done to show you the correlation of tables)
R1 R2 R3 R4
Troubleshooting
LDP Issues
Troubleshooting LDP Issues
LDP Neighborship
LDP neighborship is formed over TCP port 646
Discovery Mechanism:
• Basic Discovery – multicast UDP hellos for directly connected neighbors
• Extended Discovery – targeted unicast UDP hellos for non-directly connected neighbors
• Parameters
• Session keepalive = 60 sec. and hold time = 180 sec.
• Discovery hello interval = 5 sec. and hold time = 15 sec.
• Can be viewed using the command show mpls ldp parameters
Troubleshooting LDP Issues
Adjacency Requirements
LDP Router-ID must have a specific routing entry in the RIB
Authentication parameters must match
Multiple L3 links between LDP devices
Troubleshooting LDP Issues
LDP Neighborship Negotiation
Troubleshooting LDP Issues
Verifying LDP Neighborship
PE1#sh mpls ldp neighbor
Peer LDP Ident: 10.13.1.101:0; Local LDP Ident 10.13.1.61:0
TCP connection: 10.13.1.101.11031 - 10.13.1.61.646
State: Oper; Msgs sent/rcvd: 58/60; Downstream
Up time: 00:39:27
LDP discovery sources:
Ethernet0/0, Src IP addr: 10.13.1.5
Ethernet1/0, Src IP addr: 10.13.1.9
Addresses bound to peer LDP Ident:
10.13.1.9 10.13.1.5 10.13.2.5 10.13.1.101
Troubleshooting LDP Issues
Reachability and ACL verification
• Ensure reachability between the LDP router IDs
PE1#ping 192.168.11.11 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.11.11, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
.....
Success rate is 0 percent (0/5)
(Slide callout: Check Routing Configuration)
• Verify that no ACL in the path blocks TCP port 646 or the multicast traffic used for LDP Hellos.
Troubleshooting LDP Issues
LDP Router-id
• If the router-id is not set manually, the router checks all operational interfaces on the router (including loopbacks) and chooses the highest IP address as the LDP router-id.
• LDP_ID should be hardcoded via
• “mpls ldp router-id <interface>”
• The above configuration will not help unless:
• <interface> is UP when LDP gets started
• Existing LDP_ID (usually an interface) is shut
Troubleshooting LDP issues
Problem with xmit / recv
Lo0=192.168.1.1 Lo0=192.168.11.11
PE1 P1
Troubleshooting LDP issues
LDP No Route Problem
Lo0=192.168.1.1 Lo0=192.168.11.11
PE1 P1
Troubleshooting LDP issues
Problem due to Summarization
PE1 P1
PE1#show mpls ldp neighbor 192.168.11.11
PE2#sh mpls ldp neighbor 192.168.1.1
Troubleshooting LDP Issues
MPLS LDP Trace on IOS XR
Also good to check “show mpls ldp trace discovery”
RP/0/0/CPU0:PE2#show mpls ldp trace peer last 20
0/0/CPU0 t1 [PEER]:506: VRF(0x60000000): Peer(192.168.11.11:0): Peer FSM: Stepped, pp=0x102d9548, event=0, state 0 -> 1
0/0/CPU0 t1 [PEER]:3262: VRF(0x60000000): Release Peer(192.168.11.11:0): rsn 'TCP connection closed' ('Success')
0/0/CPU0 t1 [PEER]:3625: Peer(192.168.11.11:0): Unsupported/Unknown TLV (type 0x506, U/F 1/0) rcvd in INIT msg
0/0/CPU0 t1 [PEER]:506: VRF(0x60000000): Peer(192.168.11.11:0): Peer FSM: Stepped, pp=0x102d9520, event=0, state 0 -> 1
0/0/CPU0 t1 [PEER]:575: VRF(0x60000000): Peer(192.168.11.11:0): DOWN - reason 'Received Notification message from peer' (more_info 'KeepAlive Timer Expired')
0/0/CPU0 t1 [PEER]:3262: VRF(0x60000000): Release Peer(192.168.11.11:0): rsn 'Received Notification message from peer' ('KeepAlive Timer Expired')
0/0/CPU0 t1 [PEER]:3625: Peer(192.168.11.11:0): Unsupported/Unknown TLV (type 0x506, U/F 1/0) rcvd in INIT msg
Troubleshooting LDP Issues
LDP & IGP Sync
• When a link comes up, LDP and IGP compete to converge; labeled traffic is dropped if the IGP wins.
• When the LDP session on a link drops, the IGP may continue forwarding labeled traffic to that link, causing the traffic to be dropped.
Troubleshooting LDP Issues
LDP & IGP Sync – Solution
• Link up:
• If the LDP peer is reachable (an alternate route exists), defer the IGP adjacency on the link.
• If the LDP peer is not reachable (no alternate route), the IGP advertises max-metric to reach the neighbor through the link.
• LDP session down:
• The IGP advertises max-metric to reach the neighbor through the link.
Troubleshooting LDP Issues
LDP & IGP Sync
• LDP IGP Sync feature is enabled under IGP (OSPF/ISIS)
• “sync-igp-shortcuts” for TE tunnel interfaces, “sync” for all other types.
Troubleshooting LDP Issues
LDP & IGP Sync
Troubleshooting LDP Issues
LDP Session Protection
• Problem:
I. When a link flaps (for a short time),
II. the LDP hello adjacency over the link flaps,
III. the LDP session is torn down and then set up again, and
IV. LDP re-exchanges label bindings when the LDP session is set up (i.e. LDP re-convergence).
• Solution:
• When an LDP session supported by a link hello is set up, create a targeted hello to protect the session.
• When the link is down, the targeted hello remains through another path and keeps the LDP session up.
• When the link is restored, re-discover neighbors and re-program forwarding.
Troubleshooting LDP Issues
LDP Session Protection
Troubleshooting LDP Issues
Case Study - 1
• 3 routing processes between R1 and R2
[Diagram labels: IP RAN, 10.12.2.0/24, 192.168.1.1, 192.168.2.2]
Troubleshooting LDP Issues
Case Study - 1
• Verify the TCP connection – You will find the clue
• Router-ID is configured with Lo0 (forced)
• If one of the interfaces is configured with mpls ldp discovery transport-address interface, then this behavior can be noticed.
Troubleshooting
LSP Issues
Troubleshooting MPLS LSP
Reasons for LSP to Break
MP-IBGP – VPNv4
LDP + IGP
172.16.11.0/24 10.1.111.0/24 10.1.211.0/24 172.16.22.0/24
Troubleshooting MPLS LSP
Looking at the LIB
RTR#show mpls ldp bindings detail
tib entry: 10.1.1.0/30, rev 10
local binding: tag: imp-null
Advertised to:
10.1.2.2:0 10.1.2.6:0 10.1.2.4:0
remote binding: tsr: 10.1.2.2:0, tag: imp-null
remote binding: tsr: 10.1.2.6:0, tag: 12304
remote binding: tsr: 10.1.2.4:0, tag: 12305
Troubleshooting MPLS LSP
Label Forwarding Information Base (LFIB)
• The LFIB stores local and remote labels for prefixes that are used to
forward packets
• Prefixes that are used = prefixes in routing table (RIB)
• Labels are derived from LIB
[Diagram: LDP/TDP feeds the LIB (prefix, LDP Ident, label); the RIB holds (prefix, next-hop); the LFIB holds (prefix, next-hop, in-label, out-label). The LFIB takes prefix + next-hop from the RIB and gets the in- and out-label for (prefix, next-hop) from the LIB.]
Troubleshooting MPLS LSP
Building the LFIB
P1#show ip route 3.3.3.4
Routing entry for 3.3.3.4/32
* 10.1.2.1, from 10.1.2.1, 13:28:32 ago, via Ethernet0/0
P1#show mpls ldp neighbor 10.1.2.1
Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 2.2.2.2:0
P1#show mpls ldp binding 3.3.3.4 255.255.255.255
lib entry: 3.3.3.4/32, rev 18
remote binding: lsr: 3.3.3.3:0, label: imp-null
P1#show mpls forwarding 3.3.3.4
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
20 Pop Label 3.3.3.4/32 0 Et0/0 10.1.2.1
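How the four outputs above combine into one LFIB entry, as an added example (not code from the presentation): the RIB next hop is mapped to an LDP Ident through the addresses bound to that peer, and only the binding from that peer is used. The 3.3.3.4/32 values are taken from the slide; the other two prefixes, the peer 4.4.4.4:0, the labels 21/22/31/32/99 and all function names are constructed for illustration.

```python
from dataclasses import dataclass

IMP_NULL = "imp-null"


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    out_if: str


def peer_for_next_hop(next_hop, peers):
    """Map a RIB next hop to the LDP Ident that has this address bound to it
    (the 'Addresses bound to peer LDP Ident' list of show mpls ldp neighbor)."""
    for ldp_id, addresses in peers.items():
        if next_hop in addresses:
            return ldp_id
    return None


def build_lfib(rib, peers, local_labels, remote_bindings):
    """Return {prefix: (local label, outgoing label, out interface, next hop)}.

    Only the remote binding learned from the next-hop peer is installed;
    bindings from other peers stay in the LIB unused.
    """
    lfib = {}
    for route in rib:
        peer = peer_for_next_hop(route.next_hop, peers)
        label = remote_bindings.get(route.prefix, {}).get(peer)
        if label is None:
            outgoing = "No Label"       # next hop gave us no binding: LSP breaks here
        elif label == IMP_NULL:
            outgoing = "Pop Label"      # implicit-null: penultimate hop popping
        else:
            outgoing = str(label)       # ordinary swap
        lfib[route.prefix] = (local_labels[route.prefix], outgoing,
                              route.out_if, route.next_hop)
    return lfib


def broken_prefixes(lfib):
    """Prefixes that are in the RIB but would leave this router unlabeled."""
    return sorted(p for p, entry in lfib.items() if entry[1] == "No Label")


# First entry of each table is from the slide; the rest is constructed sample data.
RIB = [
    Route("3.3.3.4/32", "10.1.2.1", "Et0/0"),
    Route("10.9.9.0/24", "10.1.2.1", "Et0/0"),
    Route("10.8.8.0/24", "10.1.3.1", "Et1/0"),
]
PEERS = {"3.3.3.3:0": {"10.1.2.1"}, "4.4.4.4:0": {"10.1.3.1"}}
LOCAL_LABELS = {"3.3.3.4/32": 20, "10.9.9.0/24": 21, "10.8.8.0/24": 22}
REMOTE_BINDINGS = {
    "3.3.3.4/32": {"3.3.3.3:0": IMP_NULL},
    "10.9.9.0/24": {"3.3.3.3:0": 31, "4.4.4.4:0": 99},   # 99 is not from the next hop
    "10.8.8.0/24": {"3.3.3.3:0": 32},                    # next hop 4.4.4.4:0 sent nothing
}
LFIB = build_lfib(RIB, PEERS, LOCAL_LABELS, REMOTE_BINDINGS)

if __name__ == "__main__":
    for prefix, entry in LFIB.items():
        print(prefix, entry)
    print("unlabeled:", broken_prefixes(LFIB))
```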
Troubleshooting MPLS LSP
MPLS OAM
• Defined in RFC 4379
• LSP Ping and Traceroute provide ability to monitor MPLS Label Switched Paths and
quickly isolate MPLS forwarding problems.
• Two messages
• MPLS Echo Request: MPLS labeled IPv4 or IPv6 UDP packet
• MPLS Echo Reply: IPv4 or IPv6 UDP packet
Troubleshooting MPLS LSP
FEC Types Supported
• ping mpls ?
ipv4 Target specified as an IPv4 address
pseudowire Target VC specified as an IPv4 address and VC ID
traffic-eng Target specified as TE tunnel interface
• traceroute mpls ?
ipv4 Target specified as an IPv4 address
multipath LSP Multipath Traceroute
pseudowire Target VC specified as an IPv4 address and VC ID
traffic-eng Target specified as TE tunnel interface
Troubleshooting MPLS LSP
LSP Ping (ping mpls . . . )
• Simple and efficient mechanism to detect data plane failures in MPLS LSPs
Troubleshooting MPLS LSP
Packet Format
Version Number Must Be Zero
Sender’s Handle
Sequence Number
TLV …
Troubleshooting MPLS LSP
Packet Format
• Version number: 1
• Message Type
• MPLS Echo Request
• MPLS Echo Reply
• Reply Mode
1 Do not reply
2 Reply via an IPv4/IPv6 UDP packet
3 Reply via an IPv4/IPv6 UDP packet with Router Alert
4 Reply via application level control channel
• Timestamp
• Time-of-day in seconds and microseconds
Troubleshooting MPLS LSP
Reply Modes
• Reply Mode – Do Not Reply
• This mode is useful for a keepalive application running at the
remote end
• Such an application would trigger state changes if it does not receive an LSP ping packet within a predefined time
• An MPLS echo request with “do not reply” may also be used by the
receiving router to log gaps in the sequence numbers and/or
maintain delay/jitter statistics
Troubleshooting MPLS LSP
Reply Modes
• Reply Mode – Reply via an IPv4 UDP Packet
• Reply via UDP packet implies that an IPv4 UDP packet should be sent in reply to an MPLS echo request
• This will be the most common reply mode for simple LSP pings
sent to periodically poll the integrity of an LSP
• This is the default reply mode
Troubleshooting MPLS LSP
Reply Modes
• Reply Mode – Reply via an IPv4 UDP Packet with Router Alert
• In this mode when the destination router replies it appends a label
of “1” to the packet
• This forces all the intermediate routers, on the way back, to
process switch the reply
• This mode is CPU intensive and should generally be used if the
reply fails for “reply with IPv4 UDP packet”
• This mode is useful when we have inconsistency between IP and
MPLS
Troubleshooting MPLS LSP
Return Codes
Value  Meaning
0      The Error Code Is Contained in the Error Code TLV
6      Replying Router Is one of the “Downstream Routers”, and Its Mapping for this FEC on the Received Interface Is the Given Label
Troubleshooting MPLS LSP
MPLS Echo Request
R1#ping mpls ipv4 192.168.2.2/32 verbose destination 127.0.0.2 repeat 1 exp 7 pad 0xFFFF
Sending 1, 100-byte MPLS Echos to 10.200.254.4/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not transmitted,
'.' - timeout, 'U' - unreachable,
'R' - downstream router but not target
Type escape sequence to abort.
! Reply address 10.1.211.2, return code 3
Troubleshooting MPLS LSP
MPLS Ping (Operational Theory)
• The echo request uses the same label stack as the LSP, so it is switched in-band along the LSP
• The IP header destination address field of the echo request is a 127/8 address
• An echo reply, which may or may not be labelled, has the egress interface IP address as the source; the destination IP address/port are copied from the echo request’s source address/port
• The 127/8 address in the IP header destination address field causes the packet to be consumed by any router that tries to forward it using the IP header
• In this case P1 would not forward the echo request to PE1 but rather consumes the packet and sends a reply to PE2 accordingly
Troubleshooting MPLS LSP
MPLS Ping Packet Capture
Operation
MPLS OAM Caveats
• For LSP ping we generate an MPLS echo request
• The payload includes the LDP/RSVP/L2 Circuit sub-TLV depending
on the LSP we use
• Echo request is appropriately labelled and sent out
• Ping mode: MPLS TTL = 255
• Traceroute mode: TTL = 1, 2, 3, etc.
• MPLS Echo Request always has FEC Stack TLV
• The LSP ping sender sets the return code to 0.
• The replying router would set it accordingly based on the table
shown previously
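The packet format, reply modes and the two sender rules above (return code 0, FEC Stack TLV always present) can be checked on a captured LSP ping payload. This is an added example, not code from the presentation: the header layout, TLV type 1 (Target FEC Stack) and sub-TLV type 1 (LDP IPv4 prefix) follow RFC 4379, and the function names, handle, sequence number and timestamp are constructed for illustration.

```python
import ipaddress
import struct

# Fixed 32-byte header (RFC 4379): version, global flags, message type,
# reply mode, return code, return subcode, sender's handle, sequence number,
# timestamp sent (s, us), timestamp received (s, us).
HEADER = struct.Struct("!HHBBBBIIIIII")
MESSAGE_TYPES = {1: "MPLS Echo Request", 2: "MPLS Echo Reply"}
REPLY_MODES = {
    1: "Do not reply",
    2: "Reply via an IPv4/IPv6 UDP packet",
    3: "Reply via an IPv4/IPv6 UDP packet with Router Alert",
    4: "Reply via application level control channel",
}
TLV_TARGET_FEC_STACK = 1     # RFC 4379 TLV type
SUBTLV_LDP_IPV4_PREFIX = 1   # RFC 4379 sub-TLV type, 5-byte value


def iter_tlvs(buf):
    """Yield (type, value) pairs; values are padded to a 4-byte boundary."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated TLV header")
        tlv_type, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + length > len(buf):
            raise ValueError("TLV length runs past the end of the buffer")
        yield tlv_type, buf[off:off + length]
        off += (length + 3) & ~3


def parse_echo(payload):
    """Decode the UDP payload of an MPLS echo request or reply."""
    if len(payload) < HEADER.size:
        raise ValueError("shorter than the 32-byte header")
    (version, _flags, mtype, rmode, rcode, _rsub,
     handle, seq, _ts, _tus, _rs, _rus) = HEADER.unpack_from(payload)
    tlv_types, fecs = [], []
    for tlv_type, value in iter_tlvs(payload[HEADER.size:]):
        tlv_types.append(tlv_type)
        if tlv_type == TLV_TARGET_FEC_STACK:
            for sub_type, sub in iter_tlvs(value):
                if sub_type == SUBTLV_LDP_IPV4_PREFIX and len(sub) == 5:
                    fecs.append(f"{ipaddress.IPv4Address(sub[:4])}/{sub[4]}")
    return {
        "version": version, "message_type": mtype, "reply_mode": rmode,
        "reply_mode_name": REPLY_MODES.get(rmode, "unknown"),
        "return_code": rcode, "handle": handle, "sequence": seq,
        "tlv_types": tlv_types, "fecs": fecs,
    }


def validate(msg):
    """Return a list of deviations from the rules stated on the slides."""
    problems = []
    if msg["version"] != 1:
        problems.append(f"version {msg['version']} is not 1")
    if msg["message_type"] not in MESSAGE_TYPES:
        problems.append(f"unknown message type {msg['message_type']}")
    if msg["reply_mode"] not in REPLY_MODES:
        problems.append(f"unknown reply mode {msg['reply_mode']}")
    if msg["message_type"] == 1:
        if msg["return_code"] != 0:
            problems.append(f"echo request with return code {msg['return_code']}")
        if TLV_TARGET_FEC_STACK not in msg["tlv_types"]:
            problems.append("echo request without a FEC Stack TLV")
    return problems


def build_request(prefix, reply_mode=2, return_code=0, with_fec=True):
    """Construct a sample echo request for an LDP IPv4 FEC (test data only)."""
    net = ipaddress.IPv4Network(prefix)
    value = net.network_address.packed + bytes([net.prefixlen])
    sub = struct.pack("!HH", SUBTLV_LDP_IPV4_PREFIX, len(value)) + value + b"\0" * 3
    tlv = struct.pack("!HH", TLV_TARGET_FEC_STACK, len(sub)) + sub if with_fec else b""
    header = HEADER.pack(1, 0, 1, reply_mode, return_code, 0,
                         0x1234, 1, 1560000000, 0, 0, 0)
    return header + tlv


if __name__ == "__main__":
    good = parse_echo(build_request("192.168.2.2/32"))
    print(good, validate(good))
```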
Troubleshooting MPLS LSP
TTL Field in Labels
• Only the TTL field in the label at the top of the stack counts
• The outgoing TTL value is only a function of the incoming TTL value
• Outgoing TTL is one less than incoming TTL
• If outgoing TTL = 0, packet is not forwarded (not even stripped and
forwarded as an IP packet)
• When an IP packet is first labelled, the TTL field is copied from the IP
header to the MPLS header (after being decremented by 1)
• When the label stack is removed, the outgoing TTL value is copied to the
TTL field in the IP header
• Unless MPLS TTL > IP TTL
Troubleshooting MPLS LSP
Operation
• Receiving LSR checks that label stack of received packet matches
with the received FECs in FEC Stack
• MPLS Echo Reply is sent in response to MPLS Echo Request
– Destination IP address is source IP address of Echo Request
– IP TTL = 255
– Reply Mode: (You do not control if return packet is sent over IP or MPLS)
• IPv4
• IPv4 with Router Alert (IP Option)
– If over MPLS, then Router Alert Label as topmost label is added in the label stack
– Hardware forwarding bypassed; packet is sent to RP process level forwarding
Traceroute in MPLS Network
In Label Prefix Output Out Label In Label Prefix Output Out Label
Interface Interface
16 172.16.1.1/32 X - - 172.16.1.1/32 X 22 16
Y Y
PE1 X P1 X PE2
192.168.1.1/32 192.168.2.2/32
Troubleshooting MPLS LSP
Traceroute in MPLS Network
Label 19, Aggregate Outgoing
TTL=1 Label, IP Lookup
done in CEF for VRF
Label 24008 Label 24008,
TTL=255
172.16.2.2 172.16.2.2
TTL=2 TTL=1 172.16.2.2
UDP port UDP port TTL=255, ICMP
35678 35678 TTL Exceeded
Troubleshooting MPLS LSP
MPLS Trace Hiding
• This command prohibits the copying of the TTL from the IP header to the MPLS shim header and vice versa (TTL is set to 255)
• It should be configured on the routers that do the label imposition (the edge LSRs), which are the PE routers.
• Providers like to use it so that customers see the MPLS network as one hop when tracerouting
no mpls ip propagate-ttl forwarded
Troubleshooting MPLS LSP
MPLS Trace Hiding
CE1#traceroute 172.16.2.2 source 172.16.1.1 (mpls ip propagate-ttl forwarded)
Type escape sequence to abort.
Tracing the route to 172.16.2.2
1 172.16.11.2 [AS 100] 3 msec 3 msec 3 msec local PE
2 10.1.111.11 [MPLS: Labels 19/24008 Exp 0] 122 msec 25 msec 19 msec P
3 10.1.211.2 [MPLS: Label 24008 Exp 0] 21 msec 16 msec 23 msec remote PE
4 172.16.12.1 [AS 100] 23 msec * 22 msec remote CE
Troubleshooting MPLS LSP
MPLS Trace with no mpls ip propagate-ttl on PE routers
Aggregate Outgoing
Label 19, TTL=1 Label
udp port
Label 24008 Label 24008, 35678?
TTL=255
172.16.2.2 172.16.2.2 172.16.2.2 172.16.2.2
TTL=2 TTL=1 TTL=1 TTL=1
UDP port 35678 UDP port 35678 UDP port 35678 UDP port 35678
Troubleshooting MPLS LSP
Multipath MPLS Trace
• MPLS LSP ping / trace is a useful tool to validate the health of a label switched path
• When there are multiple paths, LSP ping may not be able to validate all the available paths
• Multipath MPLS trace allows users to identify all LSP failures
• The multipath LSP trace sends probes with the destination set to a loopback address (127.x.x.x), which helps detect a failure in the LSP by preventing the packet from being IP routed.
Troubleshooting MPLS LSP
Multipath MPLS Trace
192.168.2.2/32
Echo Request
1
SRC – 10.1.16.6
DEST – 127.0.0.0 1 R2
R6 R1 R4
2
192.168.3.3/32
Echo Reply
SRC – 10.1.16.1
2 DEST – 10.1.16.6
DS Mapping – 127.0.0.1
24002 - 10.1.13.3
DS Mapping – 127.0.0.0 R3
30002 - 10.1.12.2
Troubleshooting MPLS LSP
Multipath MPLS Trace
192.168.2.2/32
Echo Request
3
SRC – 10.1.16.6
DEST – 127.0.0.0 4
R2
R6 R1 R4
Echo Reply
SRC – 10.1.12.2
192.168.3.3/32
4 DEST – 10.1.16.6
DS Mapping – 127.0.0.0
pop - 10.1.24.4
R3
Troubleshooting MPLS LSP
Multipath MPLS Trace 192.168.2.2/32
Echo Request
5 R2
SRC – 10.1.16.6
DEST – 127.0.0.1
R6 5 R1 R4
192.168.3.3/32
Echo Reply 6
SRC – 10.1.13.3
6 DEST – 10.1.16.6
DS Mapping – 127.0.0.0
R3
pop - 10.1.34.4
Troubleshooting MPLS LSP
Multipath MPLS Trace
PE1#traceroute mpls multipath ipv4 192.168.4.4/32
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
<snip>
Type escape sequence to abort.
LL!
Path 0 found,
output interface Gi0/1 nexthop 10.1.16.1
source 10.1.16.6 destination 127.0.0.1
0 10.1.16.6 10.1.16.1 MRU 1500 [Labels: 18 Exp: 0] multipaths 0
L 1 10.1.16.1 10.1.12.2 MRU 1500 [Labels: 30002 Exp: 0] ret code 8 multipaths 2
L 2 10.1.12.2 10.1.24.4 MRU 1500 [Labels: implicit-null Exp: 0] ret code 8 multipaths 1
! 3 10.1.24.4, ret code 3 multipaths 0
L!
Path 1 found,
output interface Gi0/1 nexthop 10.1.16.1
source 10.1.16.6 destination 127.0.0.0
0 10.1.16.6 10.1.16.1 MRU 1500 [Labels: 18 Exp: 0] multipaths 0
L 1 10.1.16.1 10.1.13.3 MRU 1500 [Labels: 24002 Exp: 0] ret code 8 multipaths 2
L 2 10.1.13.3 10.1.34.4 MRU 1500 [Labels: implicit-null Exp: 0] ret code 8 multipaths 1
! 3 10.1.34.4, ret code 3 multipaths 0
Paths (found/broken/unexplored) (2/0/0)
Echo Request (sent/fail) (5/0)
Echo Reply (received/timeout) (5/0)
Total Time Elapsed 192 ms
Demo - Multipath MPLS Trace
Troubleshooting MPLS LSP
MPLS Forwarding Plane
With MPLS, the idea is to de-couple the forwarding from the IP
header
The forwarding decision is based on the MPLS header, not the IP
header
The above is true once the packet is inside the MPLS network
Forwarding is still based on the IP header at the edge where the
packet first enters the MPLS network
CEF must be configured on all the routers in an MPLS network.
CEF takes care of the crucial “recursion” and “resolution” operations
Troubleshooting MPLS LSP
What happens when CEF disabled?
PE1#show mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 No Label 172.16.1.1/32 0 drop
17 No Label 192.168.12.12/32 0 drop
20 No Label 192.168.2.2/32 0 drop
21 No Label 10.1.212.0/24 0 drop
22 No Label 10.1.211.0/24 0 drop
23 No Label 192.168.11.11/32 0 drop
24 No Label 172.16.11.0/24 0 drop
25 No Label 172.16.14.0/24 0 drop
Troubleshooting MPLS LSP
MPLS Forwarding Plane – Outgoing Labels
Troubleshooting MPLS LSP
MPLS Forwarding Plane: Outgoing Labels
Untagged
• Convert the incoming MPLS packet to an IP packet and forward it.
Pop
• Pop the top label from the label stack present in an incoming MPLS
packet and forward it as an MPLS packet.
• If there was only one label in the stack, then forward it as an IP packet.
SAME as imp-null label.
Aggregate
• Convert the incoming MPLS packet to an IP packet and then do a FIB
lookup for it to find out the outgoing interface.
Troubleshooting MPLS LSP
MPLS Forwarding Plane - Lookup
Three cases in the MPLS forwarding:
1) Label Imposition - IP to MPLS conversion
2) Label swapping - MPLS to MPLS
3) Label disposition - MPLS to IP conversion
Troubleshooting MPLS LSP
MPLS Forwarding Plane: Loadsharing
MPLS Loadsharing (due to multiple paths to a prefix) is no different
from that of IP
The hashing algorithm is still the typical ‘FIB based’, i.e. per-destination, loadsharing by default
So the “show commands” are still relevant
• “show ip cef exact-route <source> <dest>” etc.
But the <dest> must be known in the FIB table, otherwise the command won’t work.
• Won’t work on P routers for the VPN prefixes.
Troubleshooting MPLS LSP
MPLS Forwarding Plane: MTU Setting
• “mpls mtu <bytes>” can be applied to an interface to change the MPLS MTU size on the interface
• MPLS MTU size is checked by the router
• while converting an IP packet into a labeled packet or transmitting a labelled packet
• Label imposition increases the packet size by 4 bytes per label, so the outgoing packet size may exceed the ‘interface MTU’ size; hence the need to tune the MTU
• The “mpls mtu <bytes>” command has no effect on the “interface or IP MTU” size.
• By default, MPLS MTU = interface MTU
• MPLS MTU setting doesn’t affect MTU handling for IP-to-IP packet switching
Troubleshooting MPLS LSP
MPLS Forwarding Plane: MTU Setting
• If the label imposition makes the packet bigger than the MPLS MTU size of an outgoing interface, then:
- If the DF bit is set, then discard the packet and send an ICMP reply back (with code=4)
- If the DF bit is not set, then fragment the IP packet (say, into 2 packets), impose the same label(s) on both packets, and then transmit the MPLS packets
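The imposition-time MTU decision described on the two MTU slides, worked through as an added example (not code from the presentation). It assumes a 20-byte IPv4 header without options and that fragment payloads are multiples of 8 bytes, as IPv4 fragmentation requires; the function name and the sample sizes are constructed.

```python
LABEL_BYTES = 4      # each imposed label adds 4 bytes
IPV4_HEADER = 20     # assumption: IPv4 header without options


def impose(ip_len, labels, mpls_mtu, df):
    """Decide what happens when `labels` labels are imposed on an IP packet.

    Returns (action, sizes) where sizes are the labelled packet sizes sent:
      "forward"   - fits within the MPLS MTU after imposition
      "drop+icmp" - DF set: discard, ICMP type 3 code 4 goes back to the source
      "fragment"  - DF clear: fragment the IP packet first, then label every
                    fragment with the same label stack
    """
    overhead = labels * LABEL_BYTES
    if ip_len + overhead <= mpls_mtu:
        return "forward", [ip_len + overhead]
    if df:
        return "drop+icmp", []
    # Largest payload per fragment that still fits once header and labels are added.
    max_data = (mpls_mtu - overhead - IPV4_HEADER) // 8 * 8
    if max_data <= 0:
        raise ValueError("MPLS MTU too small to carry any payload")
    remaining = ip_len - IPV4_HEADER
    sizes = []
    while remaining > 0:
        chunk = min(remaining, max_data)
        sizes.append(IPV4_HEADER + chunk + overhead)
        remaining -= chunk
    return "fragment", sizes


if __name__ == "__main__":
    # Constructed case: 1500-byte IP packet, two labels (e.g. transport + VPN).
    print(impose(1500, 2, 1500, df=False))   # default MPLS MTU = interface MTU
    print(impose(1500, 2, 1500, df=True))
    print(impose(1500, 2, 1508, df=True))    # MPLS MTU raised by 2 labels
```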
Troubleshooting MPLS LSP
MPLS Forwarding Plane: Show Commands
“show mpls forwarding”
• Shows all LFIB entries (vpn, non-vpn, TE etc.)
“show mpls forwarding <prefix>”
LFIB lookup based on a prefix
“show mpls forwarding label <label>”
LFIB lookup based on an incoming label
“show mpls forwarding <prefix> detail”
Shows detailed info such as L2 encap etc
Troubleshooting MPLS LSP
MPLS Forwarding Plane: Show Commands
R2#show mpls forwarding 10.13.1.11 detail
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
45 51 10.13.1.11/32 0 Fa1/1/1 10.13.7.33
MAC/Encaps=14/18, MRU=1500, Tag Stack{51}
0003FD1C828100044E7548298847 00033000
No output feature configured
Per-packet load-sharing
R2#
MPLS Labels Case Study
BGP 3107
Mobile Transport Market Conditions
• High Capacity requirements from Edge to Core
• 100Mbps eNB, 1Gbps Access, 10Gbps Aggregation, 100Gbps Core
• Higher scale as LTE drives ubiquitous mobile broadband
• Tens to hundreds of thousands of LTE eNBs and associated CSGs
• Support for multiple and mixed topologies
• Fiber and microwave rings in access, fiber rings, hub and spoke in aggregation and core
networks
• Need for graceful service integration and integration into existing infrastructure
MPLS as Network Convergence Technology
Optimizing Service Delivery
Access Aggregation Edge Core
• Separating transport from service operations with single touch point service
enablement and contiguous OAM
Seamless MPLS Operation
Transport & Service Decoupling
Operational Points
Classical
MPLS
IGP/LDP
Domain RFC BGP Flex LFA BGP E2E
isolation 3107 filtering Access R-LFA PIC OAM
L2/IGP/BGP/MPLS-
TP/LDP DoD
Unified
MPLS
Architecture
RFC-3107
• RFC 3107 was approved May 2001, main purpose being scaling of MPLS
• The label mapping information for a particular route is piggybacked in the same
BGP Update message that is used to distribute the route itself.
• If two immediately adjacent Label Switched Routers (LSRs) are also BGP peers, then label
distribution can be done without the need for any other label distribution protocol.
LFA & R-LFA
• What is LFA FRR?
• RFC 5286 basic fast re-route mechanism with local protection in pure IP and MPLS/LDP
networks
• Pre-computing available paths at source node that do not create loops
• Gives benefits of TE-FRR, but no configuration or design required
• What is Remote LFA?
Defined in draft “http://tools.ietf.org/html/draft-shand-remote-lfa”
Remote LFA uses automated IGP/LDP behavior to extend basic LFA FRR to arbitrary
topologies
A node dynamically computes its remote loop free alternate node(s)
– Done during SPF calculations using PQ algorithm (see draft)
Automatically establishes a directed LDP session to it
– The directed LDP session is used to exchange labels for the FEC in question
On failure, the node uses label stacking to tunnel traffic to the Remote LFA node, which in
turn forwards it to the destination
Remote LFA FRR - Protection
• C2’s LIB
• C1’s label for FEC A1 = 20 Backbone
BGP Prefix-Independent Protection (PIC)/BGP FRR
• BGP Fast Reroute (BGP FRR)
enables BGP to use alternate paths
• Algorithm uses a pointer to move all
prefixes to new next hop, not a hop by
hop rewrite
• ~ 100 msec protection
• Prefix-Independent
Unified MPLS Architecture Models
• Architecture Models based on:
• Access Type: Ethernet/TDM or MPLS access
• Network Size: Small/Medium (1000 nodes or less) or Large
• End to Labeled Switch Path
1 – Small Network: Ethernet/TDM Access
Flat LDP LSP across Core and Aggregation Networks
[Figure: core nodes, aggregation nodes, mobile transport gateways, pre-aggregation and distribution nodes and a CSG in one core and aggregation IP/MPLS domain, labelled as a single IGP/LDP domain; access labels are IP/Ethernet, Business, TDM and packet microwave (2G/3G/LTE), and fiber and microwave (3G/LTE)]
• Core and Aggregation Networks form one IGP and LDP domain.
• Scale recommendation is less than 1000 IGP/LDP nodes
• Packet Microwave links aggregated in Aggregation Nodes
• Mobile Access is based on TDM
• All services –Mobile and Wireline– enabled by Aggregation Nodes
2 – Small Network: MPLS Access
Hierarchical BGP LSP Across Core + Aggregation and Access Networks
[Figure: a core and aggregation IP/MPLS domain (core nodes, aggregation nodes, pre-aggregation nodes, mobile transport gateways) with a RAN IP/MPLS domain of CSGs on each side, each labelled as an IGP area; an iBGP hierarchical LSP is drawn over three LDP LSPs]
• The Core and Aggregation form a relatively small IGP/LDP domain (1000 nodes)
• MPLS enabled RAN, each RAN forms a different IGP/LDP domain
• The Core/Aggregation and RAN Access Networks are integrated with labelled BGP LSP
• The Access Network Nodes learn only the MPC labelled BGP prefixes and selectively and optionally
the neighbouring RAN networks labelled BGP prefixes.
3 – Large Network: Ethernet/TDM access
Hierarchical BGP LSP Across Core Network and Aggregation Networks
[Figure: a core network IP/MPLS domain between two aggregation network IP/MPLS domains, with IP/Ethernet access over TDM and packet microwave (2G/3G/LTE) and over fiber and microwave (3G/LTE); an iBGP (eBGP across ASes) hierarchical LSP spans the domains]
[Figure: the same core and aggregation domains with a RAN IP/MPLS domain of CSGs on each side; an iBGP (eBGP across ASes) hierarchical LSP is drawn over five LDP LSPs]
5 - Large Network, MPLS Access
Hierarchical BGP LSP with IGP/LDP Redistribution in Access Network
[Figure: a core network IP/MPLS domain between two aggregation network IP/MPLS domains, with a RAN MPLS/IP domain (its own IGP area/process) of CSGs on each side; labels read “MPC iBGP community into RAN IGP” and “RAN IGP CSN Loopbacks into iBGP”; an i/eBGP hierarchical LSP is drawn over the per-domain LDP LSPs]
• Core and Aggregation are distinct IGP/LDP domains that enable inter domain hierarchical LSPs
• Core and Aggregation Networks may be in same or different Autonomous Systems
• Redistribution of Core/Aggregation LSPs into Access Networks IGP
Unified MPLS Architecture
Summary
[Figure: layers shown are Cell Site, Access Layer, Pre-Aggregation Layer, Aggregation Layer, Core Layer and PGW/SGW, simplified to Aggregation, Distribution and Core]
Demo – LDP interop with BGP 3107
Troubleshooting MPLS L3 VPNs
Troubleshooting MPLS L3 VPNs
Nodes and their Roles
• CE – Customer edge router, connects to the CE network and the PE
• Forwards only IP packets – no awareness of the MPLS network is needed
• Routes between the CE internal network and the PE router
Troubleshooting MPLS L3 VPNs
IP Addressing Concerns
[Figure: topology around PE1 with Customer A Site 1 (CE1, 172.16.1.0/24), Customer A Site 2 (CE3, 172.16.3.0/24), Customer B Site 1 (CE2, 172.16.2.0/24) and Customer B Site 2 (CE4, 172.16.4.0/24)]
Troubleshooting MPLS L3 VPNs
Isolation Through the Use of VRFs
[Figure: Customer A Site 1 (172.16.1.0/24) and Customer A Site 2 (172.16.3.0/24) shown with PE1]
L3VPN By Parts
The Edge:
• VRF = VPN Routing Forwarding instance
Isolated routing table, kind of like a VM
• Any routing protocol between the PE and CE
The Core:
• BGP VPNv4 and/or VPNv6 between PEs
• Labeled Switch Path between PEs
[Figure: CE, PE, P2, PE and CE in a row, labelled “PE-CE Protocol” at each edge and “MP-EBGP” in the middle]
MP-BGP (Multiprotocol BGP) for MPLS VPNs
MP-BGP (Multi Protocol BGP)
• No new rules, still requires full mesh or RRs
• RRs need to support additional capabilities
• For MPLS only PEs need to speak BGP or know CE routes
• L3VPN Relies on Extended Communities
• Extended Communities are arbitrary TLVs attached to BGP prefixes
• BGP is used to Exchange the MPLS Label specific to the VPN prefix
• Outer MPLS Label is used to forward traffic between PEs
Troubleshooting MPLS L3 VPNs
Visualizing Data Flow
[Figure, shown over two slides: CE, PE, P2, PE and CE in a row, labelled MP-EBGP; values shown include 100, 20 and 100.64.6.6]
Troubleshooting MPLS L3 VPNs
MP-BGP: Advertising CE Routes
BGP maintains a table for each AFI (vpnv4, ipv4, vrf…)
CE routes are placed into the vpnv4 BGP table
• BGP routes in a vrf AFI are automatically turned into vpnv4 routes
• If BGP is not the PE-CE protocol, routes must be redistributed into the ipv4 vrf AFI
All vpnv4 routes get an assigned label
vpnv4 routes are exchanged between vpnv4 peers (PEs)
Troubleshooting MPLS L3 VPNs
RTs and RDs: Creating the VRF
• VRFs have 3 parts:
1. VRF name (case sensitive)
2. Route Distinguisher (RD)
3. Route Target(s) (RT)
ip vrf red
 rd 100:100
 route-target import 200:200
 route-target export 201:201
Troubleshooting MPLS L3 VPNs
vrf definition VPN01
rd 200:1
route-target export 200:1
[Figure: callouts mark the RD, the Prefix and the Route Target]
Troubleshooting MPLS L3 VPNs
Understanding RDs
• Route Distinguisher
• There is only one VPNv4 table
• How are routes distinguished from one another?
• Prepending the RD to the route creates a VPNv4 route
• Only used to make routes unique VPNv4 prefixes
IPv4 Route: 192.168.1.0/24
RD: 100:100
VPNv4 Route: 100:100:192.168.1.0/24
Troubleshooting MPLS L3 VPNs
Understanding RDs
[Figure: Route Reflector 172.31.31.31]
Troubleshooting MPLS L3 VPNs
Understanding the RT
• Route Target
• RT is a BGP extended community (extra information on the update)
• “route-target export” adds the community to the outbound update
• “route-target import” defines which routes to bring into the VRF
• Multiple imports and exports allowed
ip vrf red
 rd 1:1
 route-target import 100:100
 route-target import 200:200
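How the RD and RT slides fit together, as an added Python model (not from the session and not Cisco code): the RD only keeps overlapping customer prefixes unique in the single VPNv4 table, while the import RTs alone decide which VRF installs a route. The VRF names, customer tags, prefixes and RT values are constructed, and `audit_imports` is a hypothetical check that flags a VRF importing an RT exported by a different customer.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Vpnv4Route:
    rd: str            # route distinguisher of the exporting VRF
    prefix: str        # customer IPv4 prefix
    rts: frozenset     # route-target extended communities on the update
    label: int         # VPN label assigned by the advertising PE
    origin_vrf: str

    @property
    def key(self):
        """RD prepended to the prefix: unique key in the single VPNv4 table."""
        return f"{self.rd}:{self.prefix}"


@dataclass
class Vrf:
    name: str
    customer: str      # constructed ownership tag, used only by the audit
    rd: str
    import_rts: frozenset
    export_rts: frozenset
    rib: dict = field(default_factory=dict)   # prefix -> list of candidate paths


def advertise(vrfs, local_prefixes, first_label=16):
    """Turn each VRF's local prefixes into labelled VPNv4 routes."""
    table, label = {}, first_label
    for vrf in vrfs:
        for prefix in local_prefixes.get(vrf.name, []):
            route = Vpnv4Route(vrf.rd, prefix, vrf.export_rts, label, vrf.name)
            table[route.key] = route
            label += 1
    return table


def import_routes(vrfs, table):
    """A VRF installs a route only if it imports at least one of the route's RTs."""
    for vrf in vrfs:
        for route in table.values():
            if route.origin_vrf != vrf.name and vrf.import_rts & route.rts:
                vrf.rib.setdefault(route.prefix, []).append(route)


def audit_imports(vrfs):
    """Return (importer, exporter, rt) wherever an import crosses customers."""
    findings = []
    for imp in vrfs:
        for exp in vrfs:
            if imp.customer == exp.customer:
                continue
            for rt in sorted(imp.import_rts & exp.export_rts):
                findings.append((imp.name, exp.name, rt))
    return findings


def build_demo():
    a_rt, b_rt = frozenset({"100:100"}), frozenset({"200:200"})
    vrfs = [
        Vrf("A-site1", "A", "100:100", a_rt, a_rt),
        Vrf("A-site2", "A", "100:101", a_rt, a_rt),
        Vrf("B-site1", "B", "200:200", b_rt, b_rt),
        # Misconfiguration under test: customer B also imports customer A's RT.
        Vrf("B-site2", "B", "200:201", a_rt | b_rt, b_rt),
    ]
    # Both customers use the same prefix; only the RD keeps the routes apart.
    local = {"A-site1": ["192.168.1.0/24"], "B-site1": ["192.168.1.0/24"]}
    table = advertise(vrfs, local)
    import_routes(vrfs, table)
    return vrfs, table


if __name__ == "__main__":
    vrfs, table = build_demo()
    for key, route in table.items():
        print(f"VPNv4 {key} label {route.label} RT {sorted(route.rts)}")
    for vrf in vrfs:
        paths = {p: [r.origin_vrf for r in rs] for p, rs in vrf.rib.items()}
        print(f"{vrf.name}: {paths}")
    for importer, exporter, rt in audit_imports(vrfs):
        print(f"cross-customer import: {importer} imports RT {rt} exported by {exporter}")
```

In the constructed data, B-site2 ends up with two candidate paths for 192.168.1.0/24, one of them from customer A, which is exactly the condition the audit reports.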
Troubleshooting MPLS L3 VPNs
VPN Services
Troubleshooting MPLS L3 VPNs
Fixing the BGP AS_Path Problem
• AS_Path is a loop prevention mechanism
• PE routers can use a special feature called AS-Override.
• In any prefix carrying the same AS that is used by the CE, that AS is changed to the AS of the PE
R1:
router bgp 200
 address-family ipv4 vrf VPN01
  redistribute connected
  neighbor 172.16.15.5 remote-as 500
  neighbor 172.16.15.5 activate
  neighbor 172.16.15.5 as-override
XR3:
router bgp 200
 neighbor 172.32.36.6
  remote-as 500
  address-family ipv4 unicast
   route-policy PASSALL in
   route-policy PASSALL out
   as-override
Live Troubleshooting Demo
Troubleshooting MPLS L3 VPNs
Route Reflectors
[Figure: a route reflector (RR) and two sites labelled AS500]
Inter-AS MPLS VPNs
Option 1 - Back-to-Back VRF Method
[Figure: AS100 with CE1, PE1 and PE-ASBR1; AS200 with PE-ASBR2, PE2 and CE2; loopbacks Lo0 11.11.11.11/32 and Lo0 22.22.22.22/32; the link between the two ASes is labelled IPv4 + IGP/BGP]
Inter-AS MPLS VPNs
Option 2a – ASBR-to-ASBR with Next-Hop-Self Method
[Figure: RR-P1 and RR-P2, with the label “172.16.1.1 v1”]
Inter-AS MPLS VPNs
Option 2b – ASBR-to-ASBR with Redistribute Connected Method
[Figure: RR-P1 and RR-P2, CE1 (172.16.1.1) and CE2 (172.16.2.2), with the label “172.16.1.1 v1”]
• No LDP or IGP required on the link between the two ASBRs.
• Configure no bgp default route-target filter on ASBRs
Inter-AS MPLS VPNs
Option 2b – ASBR-to-ASBR with Redistribute Connected Method
• Redistribute the link between ASBR into IGP in local AS
• Required on both ASBR routers.
• Both ASBRs allocate VPN labels for prefixes received from the
other AS.
• VPN label V1 is advertised from AS100 towards ASBR-PE2 in AS200.
• Since the NH changes on ASBR-PE2, ASBR-PE2 swaps that label with
V2 and advertises it towards the core.
Inter-AS MPLS VPNs
Option 2c – ASBR-to-ASBR with Multi-Hop EBGP between ASBRs Method
[Figure: AS100 with CE1 (172.16.1.1), PE1, PE-ASBR1 and RR-P1; AS200 with PE-ASBR2, PE2, CE2 (172.16.2.2) and RR-P2; loopbacks Lo0 11.11.11.11/32 and Lo0 22.22.22.22/32; MP-eBGP between the two ASes; label “172.16.1.1 v1”]
• Loopback to loopback peering between ASBRs
• Configure no bgp default route-target filter on ASBRs
Inter-AS MPLS VPNs
Option 2c – ASBR-to-ASBR with Multi-Hop EBGP between ASBRs Method
• Loopback to loopback MP-EBGP peering between ASBRs.
• IGP or static route required between the ASBR link
• Both ASBRs allocate VPN labels for prefixes received from the
other AS.
• VPN label V1 is advertised from AS100 towards ASBR-PE2 in AS200.
• Since the NH changes on ASBR-PE2, ASBR-PE2 swaps that label with
V2 and advertises it towards the core.
Inter-AS MPLS VPNs
Option 3 – Multi-Hop MP-EBGP between RR and EBGP between ASBRs
[Figure: AS100 with CE1 (172.16.1.1), PE1, PE-ASBR1 and RR-P1; AS200 with PE-ASBR2, PE2, CE2 (172.16.2.2) and RR-P2; loopbacks Lo0 11.11.11.11/32 and Lo0 22.22.22.22/32; MP-eBGP between RR-P1 and RR-P2, and eBGP + send-label between the ASBRs]
Troubleshooting IPv6 VPNs
Troubleshooting 6VPE
Reference Topology
[Figure: AS 100 service provider core (IPv4 IGP, MPLS) with PE1; addresses shown are IPv4 192.168.1.1/32 with IPv6 2001:DB8::1/128, IPv4 192.168.2.2/32 with IPv6 2001:DB8::2/128, IPv4 192.168.5.5/32, and IPv6 2001:DB8::5/128, 2001:DB8::6/128 and 2001:DB8::7/128]
Troubleshooting 6VPE
VRF Configuration
• IPv6 enabled VRFs are configured in the same way as IPv4 VRFs
• On Cisco IOS, use command vrf definition to configure both IPv4 and IPv6 capable VRFs
Cisco IOS:
vrf definition VPN01
 rd 1:1
 address-family ipv6 unicast
  route-target import 1:1
  route-target export 1:1
  route-target import 2:2
 address-family ipv4 unicast
 . . .
interface Gi0/0
 vrf forwarding VPN01
 ipv6 address xx:xx:xx::y/64
IOS XR:
vrf VPN01
 address-family ipv6 unicast
  import route-target
   1:1
   2:2
  export route-target
   1:1
 address-family ipv4 unicast
 . . .
interface Gi0/0/0/0
 vrf VPN01
 ipv6 address xx:xx:xx::y/64
6VPE Configuration – Cisco IOS
router bgp 100
bgp router-id 192.168.1.1
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 192.168.4.4 remote-as 100
neighbor 192.168.4.4 update-source Loopback0
!
address-family vpnv6
neighbor 192.168.4.4 activate
neighbor 192.168.4.4 send-community extended
neighbor 192.168.4.4 next-hop-self
!
address-family ipv6 vrf red
neighbor 2001:DB8:0:16::6 remote-as 200
neighbor 2001:DB8:0:16::6 activate
exit-address-family
6VPE Configuration – IOS XR
router bgp 100
bgp router-id 192.168.2.2
address-family vpnv6 unicast
!
neighbor 192.168.4.4
remote-as 100
update-source Loopback0
address-family vpnv6 unicast
next-hop-self
!
vrf red
rd 100:1
address-family ipv6 unicast
!
neighbor 2001:db8:0:26::6
remote-as 200
address-family ipv6 unicast
route-policy pass in
route-policy pass out
Troubleshooting 6VPE
Verifying Control Plane
• Since the control plane and data plane work in opposite directions, verify the IPv6 VPN prefix on PE5.
Troubleshooting 6VPE
Verifying Control Plane
• Verify the VPNv6 prefix in BGP along with the local label
Troubleshooting 6VPE
Verifying Control Plane
• The remote IOS PE, PE1, receives the VPNv6 prefix with an out label of 23.
PE1#show bgp vpnv6 unicast vrf red 2001:db8::7/128
BGP routing table entry for [100:1]2001:DB8::7/128, version 7
Paths: (1 available, best #1, table red)
Advertised to update-groups:
1
Refresh Epoch 1
300, imported path from [100:5]2001:DB8::7/128 (global)
::FFFF:192.168.5.5 (metric 3) (via default) from 192.168.4.4 (192.168.4.4)
Origin IGP, metric 0, localpref 100, valid, internal, best
Extended Community: RT:100:1
Originator: 192.168.5.5, Cluster list: 192.168.4.4
mpls labels in/out nolabel/23
rx pathid: 0, tx pathid: 0x0
Troubleshooting 6VPE
Verifying Control Plane
RP/0/0/CPU0:PE2#show bgp vpnv6 unicast vrf red 2001:db8::7/128
BGP routing table entry for 2001:db8::7/128, Route Distinguisher: 100:1
Last Modified: Feb 4 22:46:29.408 for 1d05h
Paths: (1 available, best #1)
Not advertised to any peer
Path #1: Received by speaker 0
Not advertised to any peer
300
192.168.5.5 (metric 3) from 192.168.4.4 (192.168.5.5)
Received Label 23
Origin IGP, metric 0, localpref 100, valid, internal, best, group-best,
import-candidate, imported
Received Path ID 0, Local Path ID 1, version 5
Extended community: RT:100:1
Originator: 192.168.5.5, Cluster list: 192.168.4.4
Source VRF: default, Source Route Distinguisher: 100:5
Troubleshooting 6VPE
Verifying Data Plane
Troubleshooting 6VPE
Verifying Data Plane on IOS XR
RP/0/0/CPU0:PE2#show cef vrf red ipv6 2001:db8::7/128
2001:db8::7/128, version 7, internal 0x5000001 0x0 (ptr 0xa140c5f4) [1],
0x0 (0x0), 0x208 (0xa14db230)
Updated Feb 4 22:46:29.731
Prefix Len 128, traffic index 0, precedence n/a, priority 3
via ::ffff:192.168.5.5, 3 dependencies, recursive [flags 0x6000]
path-idx 0 NHID 0x0 [0xa176b0bc 0x0]
recursion-via-/128
next hop VRF - 'default', table - 0xe0000000
next hop ::ffff:192.168.5.5 via ::ffff:192.168.5.5:0
next hop 10.1.24.4/32 Gi0/0/0/1 labels imposed {19 23}
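Cross-checking the two planes, as an added Python example (not from the session): it parses the `show bgp vpnv6 unicast` and `show cef vrf` text shown above and confirms that the inner imposed label and the recursive next hop match what BGP received. The regexes are assumptions fitted to the outputs on this page, and the stale-label sample is constructed.

```python
import ipaddress
import re

# Trimmed from the PE2 (IOS XR) BGP output shown above.
XR_BGP = """\
BGP routing table entry for 2001:db8::7/128, Route Distinguisher: 100:1
  Path #1: Received by speaker 0
  300
    192.168.5.5 (metric 3) from 192.168.4.4 (192.168.5.5)
      Received Label 23
      Extended community: RT:100:1
"""
# Trimmed from the PE1 (IOS) BGP output shown above.
IOS_BGP = """\
BGP routing table entry for [100:1]2001:DB8::7/128, version 7
  300, imported path from [100:5]2001:DB8::7/128 (global)
    ::FFFF:192.168.5.5 (metric 3) (via default) from 192.168.4.4 (192.168.4.4)
      Extended Community: RT:100:1
      mpls labels in/out nolabel/23
"""
# Trimmed from the PE2 (IOS XR) CEF output shown above.
XR_CEF = """\
2001:db8::7/128, version 7, internal 0x5000001 0x0 (ptr 0xa140c5f4) [1],
   via ::ffff:192.168.5.5, 3 dependencies, recursive [flags 0x6000]
    next hop ::ffff:192.168.5.5 via ::ffff:192.168.5.5:0
     next hop 10.1.24.4/32 Gi0/0/0/1 labels imposed {19 23}
"""
# Constructed failure case: forwarding still imposes an old VPN label.
STALE_CEF = XR_CEF.replace("{19 23}", "{19 24}")


def _v4(addr):
    """Normalise a next hop; 6VPE next hops are IPv4-mapped IPv6 addresses."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped:
        return str(ip.ipv4_mapped)
    return str(ip)


def parse_bgp(text):
    """Extract next hop, VPN label and RTs from IOS or IOS XR BGP detail text."""
    nh = re.search(r"^\s*(\S+) \(metric \d+\)", text, re.M)
    label = (re.search(r"Received Label (\d+)", text)              # IOS XR form
             or re.search(r"mpls labels in/out \S+/(\d+)", text))  # IOS form
    return {
        "next_hop": _v4(nh.group(1)) if nh else None,
        "vpn_label": int(label.group(1)) if label else None,
        "rts": re.findall(r"RT:(\d+:\d+)", text),
    }


def parse_cef(text):
    """Extract the recursive next hop, egress interface and imposed label stack."""
    via = re.search(r"via (\S+), \d+ dependencies, recursive", text)
    hop = re.search(r"next hop (\S+) (\S+)\s+labels imposed \{([^}]*)\}", text)
    # Non-numeric entries (for example an implicit-null transport label) are skipped.
    labels = [int(t) for t in hop.group(3).split() if t.isdigit()] if hop else []
    return {
        "recursive_next_hop": _v4(via.group(1)) if via else None,
        "egress_interface": hop.group(2) if hop else None,
        "labels": labels,
    }


def verify(bgp_text, cef_text):
    """Return a list of inconsistencies; an empty list means the planes agree."""
    bgp, cef = parse_bgp(bgp_text), parse_cef(cef_text)
    findings = []
    if bgp["vpn_label"] is None:
        findings.append("BGP path carries no VPN label")
    if not cef["labels"]:
        findings.append("CEF imposes no label: VRF traffic would leave unlabeled")
    elif bgp["vpn_label"] is not None and cef["labels"][-1] != bgp["vpn_label"]:
        findings.append(f"VPN label mismatch: BGP received {bgp['vpn_label']}, "
                        f"CEF imposes {cef['labels'][-1]}")
    if bgp["next_hop"] != cef["recursive_next_hop"]:
        findings.append(f"next hop mismatch: BGP {bgp['next_hop']}, "
                        f"CEF {cef['recursive_next_hop']}")
    return findings


if __name__ == "__main__":
    for name, cef in (("current", XR_CEF), ("stale", STALE_CEF)):
        print(name, verify(XR_BGP, cef) or "consistent")
```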
Verifying Ingress Hardware Programming – IOS XR
PE2#show cef vrf red ipv6 2001:db8::7/128 hardware ingress detail loc0/0/CPU0
2001:db8::7/128, version 7, internal 0x5000001 0x0 (ptr 0xa140c5f4) [1],
0x0 (0x0), 0x208 (0xa14db230)
Updated Feb 4 22:46:29.730
[1 type 1 flags 0x48089 (0xa14f5398) ext 0x0 (0x0)]
LW-LDI[type=0, refc=0, ptr=0x0, sh-ldi=0x0]
gateway array update type-time 1 Feb 4 22:46:29.730
LDI Update time Feb 4 22:46:29.730
via ::ffff:192.168.5.5, 3 dependencies, recursive [flags 0x6000]
path-idx 0 NHID 0x0 [0xa176b0bc 0x0]
recursion-via-/128
next hop VRF - 'default', table - 0xe0000000
next hop ::ffff:192.168.5.5 via ::ffff:192.168.5.5:0
next hop 10.1.24.4/32 Gi0/0/0/1 labels imposed {19 23}
Ingress platform showdata is not available.
Load distribution: 0 (refcount 1)
Verifying Egress Hardware Programming – IOS XR
PE2#show cef vrf red ipv6 2001:db8::7/128 hard egr det loc 0/0/CPU0
2001:db8::7/128, version 7, internal 0x5000001 0x0 (ptr 0xa140c5f4) [1],
0x0 (0x0), 0x208 (0xa14db230)
[1 type 1 flags 0x48089 (0xa14f5398) ext 0x0 (0x0)]
LW-LDI[type=0, refc=0, ptr=0x0, sh-ldi=0x0]
gateway array update type-time 1 Feb 4 22:46:29.730
LDI Update time Feb 4 22:46:29.730
via ::ffff:192.168.5.5, 3 dependencies, recursive [flags 0x6000]
path-idx 0 NHID 0x0 [0xa176b0bc 0x0]
recursion-via-/128
next hop VRF - 'default', table - 0xe0000000
next hop ::ffff:192.168.5.5 via ::ffff:192.168.5.5:0
next hop 10.1.24.4/32 Gi0/0/0/1 labels imposed {19 23}
Egress platform showdata is not available.
Troubleshooting 6VPE / MPLS
Verifying Counters on Interface
• Verify the interface counters for MPLS forwarding
• If there is a forwarding problem, check the counters and ensure they are not increasing.
• Initiate the VPNv6 prefix ping and verify the counters again to see if they increased
RP/0/0/CPU0:PE2#show interface gigabitethernet0/0/0/1 accounting
GigabitEthernet0/0/0/1
Protocol Pkts In Chars In Pkts Out Chars Out
IPV4_UNICAST 261333 20337753 46929 2305821
IPV6_UNICAST 21017 2062274 20995 1964348
MPLS 10 1180 14426 968553
ARP 84 5040 84 3528
IPV6_ND 13296 1193736 10306 742016
Troubleshooting MPLS Traffic-Engineering
Troubleshooting MPLS TE
The “Fish” Problem
[Figure: the “fish” topology with two traffic flows, labelled 35M and 10M, and link values 100, 60, 40, 50, 80, 45, 25 and 70; one point is marked X]
Troubleshooting MPLS TE
Motivation
• Increase efficiency of bandwidth resources
• Prevent over-utilised (congested) links whilst other links are under-
utilised
• Ensures the most desirable/appropriate path for certain traffic types
based on certain policies
• Override the shortest path selected by the IGP
• The ultimate goal is COST SAVING
Troubleshooting MPLS TE
CSPF – The TE Algorithm
• CSPF (executed at ingress) computes an optimal explicit path based on constraints
• Bandwidth requirements
• Hop limitations
• Administrative groups (link colors)
• Priority (setup and hold)
• Explicit route
• Link attributes
• Reservable bandwidth of the links (static bandwidth minus the currently reserved bandwidth)
Dijkstra(G, w, s):
  Initialize-single-source(G,s);
  S = empty set;
  Q = V[G];
  While Q is not empty {
    u = Extract-Min(Q);
    S = S union {u};
    for each vertex v in Adj[u] {
      relax(u, v, w);
    }
  }
In which:
G: the graph, represented in some way (e.g. adjacency list)
w: the distance (weight) for each edge (u,v)
s (small s): the starting vertex (source)
S (big S): a set of vertices whose final shortest path from s have already been determined
Q: set of remaining vertices, Q union S = V
Troubleshooting MPLS TE
draft-manayya-cspf-00
1. The CSPF process begins at the ingress router with the parameters bandwidth, setup priority, hold priority and the method used in case of equal-cost multipath, such as random, least-fill or most-fill. It determines the final destination (egress router).
2. It checks for the maximum hop count and the include and exclude constraints configured.
3. Check each node for metric and hop count, starting with the ingress.
4. For each node, check if the endpoint is already visited; if yes, skip the verification. If not, check the link for metric, color and bandwidth (for constraints). The information on each node includes administrative groups (color), metrics, static bandwidth, reservable bandwidth, and available bandwidth priority level. The information contained in the traffic engineering database should be the same across all routers in the same traffic engineering domain.
5. If it fails, remove this link.
6. If it passes, select the link with the shortest path to the neighbor router, go to the next link and repeat step 4.
Troubleshooting MPLS TE
draft-manayya-cspf-00 (contd…)
• Repeat the steps 3 to 5 for all nodes
• The result of the CSPF algorithm is formed into a strict-hop ERO (Explicit Route Object)
• When the ERO is completed, the ERO is passed to the RSVP (Resource Reservation Protocol)
process, where it is used for signaling and establishing the LSP in the network.
• If it is not possible to find a path, indicate that no route was found, then retry after the retry interval.
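The prune-then-Dijkstra procedure from the two CSPF slides above, as an added Python example (not code from the draft or from any router implementation): links that fail the bandwidth, affinity or exclude constraints are removed, a hop-limited shortest-path search runs on what remains, and the result is a strict-hop ERO or a reason string. The topology, bandwidth figures and reason format are constructed, and ties are broken by hop count and node name rather than least-fill or most-fill.

```python
import heapq
from dataclasses import dataclass


@dataclass(frozen=True)
class TeLink:
    src: str
    dst: str
    te_metric: int
    max_reservable: int   # static reservable bandwidth (Mbps)
    reserved: int = 0     # bandwidth already held by other LSPs
    attr_flags: int = 0   # administrative group bits (link colors)

    @property
    def available(self):
        return self.max_reservable - self.reserved


def prune(ted, bandwidth, affinity, mask, exclude):
    """Drop every link that fails a constraint and count why it was dropped."""
    kept, dropped = [], {"bw": 0, "affinity": 0, "exclude": 0}
    for link in ted:
        if (link.src, link.dst) in exclude:
            dropped["exclude"] += 1
        elif link.available < bandwidth:
            dropped["bw"] += 1
        elif (link.attr_flags & mask) != (affinity & mask):
            dropped["affinity"] += 1
        else:
            kept.append(link)
    return kept, dropped


def cspf(ted, ingress, egress, bandwidth=0, affinity=0x0, mask=0xFFFF,
         max_hops=None, exclude=frozenset()):
    """Return (strict-hop ERO, None) or (None, reason)."""
    kept, dropped = prune(ted, bandwidth, affinity, mask, exclude)
    adj = {}
    for link in kept:
        adj.setdefault(link.src, []).append(link)

    # Dijkstra over (node, hops) states so the hop limit is honoured exactly.
    heap = [(0, 0, ingress, (ingress,))]
    settled = set()
    while heap:
        cost, hops, node, path = heapq.heappop(heap)
        if node == egress:
            return list(path[1:]), None          # ERO excludes the ingress itself
        if (node, hops) in settled:
            continue
        settled.add((node, hops))
        if max_hops is not None and hops == max_hops:
            continue
        for link in adj.get(node, []):
            if link.dst not in path:             # never revisit a node
                heapq.heappush(heap, (cost + link.te_metric, hops + 1,
                                      link.dst, path + (link.dst,)))

    tags = [name for name, count in dropped.items() if count]
    if max_hops is not None:
        tags.append("hop-limit")
    return None, f"no path to {egress} ({', '.join(tags) or 'topology'})"


def demo_ted(colored=False):
    """Constructed fish-shaped TE database: short top path, longer bottom path."""
    def both(a, b, metric, max_bw, reserved=0, flags=0):
        return [TeLink(a, b, metric, max_bw, reserved, flags),
                TeLink(b, a, metric, max_bw, reserved, flags)]
    return (both("R1", "R2", 1, 100)
            + both("R2", "R3", 1, 100, reserved=95)      # top path, nearly full
            + both("R3", "R5", 1, 100)
            + both("R2", "R4", 1, 100, reserved=20)      # bottom path
            + both("R4", "R6", 1, 100, reserved=20, flags=0x1 if colored else 0x0)
            + both("R6", "R5", 1, 100, reserved=20))


if __name__ == "__main__":
    ted = demo_ted()
    print(cspf(ted, "R1", "R5"))                          # IGP-like shortest path
    print(cspf(ted, "R1", "R5", bandwidth=10))            # forced onto bottom path
    print(cspf(ted, "R1", "R5", bandwidth=10, max_hops=3))
    print(cspf(demo_ted(colored=True), "R1", "R5", bandwidth=10))
```

With the default affinity 0x0 and mask 0xFFFF, which matches the `Affinity: 0x0/0xffff` shown in the tunnel outputs on this page, any link with a color bit set is pruned.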
Troubleshooting MPLS TE
RSVP Overview
• Once the path is calculated, it must be signaled across the network
• Reserve any bandwidth to avoid “double booking” from other TE reservations
• Priority can be used to pre-empt low priority existing tunnels
Troubleshooting MPLS TE
RSVP Overview – Admission Control
• On receipt of PATH message
• Router will check there is bandwidth available to honour the reservation
• If bandwidth available then RSVP accepted
Does RSVP actually allocate the b/w across the path for the TE tunnel?
Troubleshooting MPLS TE
RSVP Overview – Admission Control
[Figure: an RSVP PATH message (10M) and an RSVP RESV message on the topology; link values shown are 100, 60, 40, 50, 80, 45, 25, 70 and 30, with the label BW=10]
Troubleshooting MPLS TE
Configuration / Feature requirements
• RSVP should be enabled on relevant interfaces
• mpls traffic-eng should be enabled
• Globally
• Interface level
• IGP Level
• Dynamic
• Explicit-path
Troubleshooting MPLS TE
Autoroute Announce
• Used to include TE LSP in SPF calculations
Troubleshooting MPLS TE
Forwarding Adjacency
• Autoroute does not advertise the LSP into the IGP
[Figure: topology of routers R1 through R8]
Troubleshooting MPLS TE
Verification Commands
• Verifying RSVP Interfaces
• Show ip rsvp interface
• Verifying TE Tunnels
• Show mpls traffic-eng tunnels tunnel <num>
• Show mpls traffic-eng forwarding (XR)
• Show mpls traffic-eng forwarding-adjacency
Troubleshooting MPLS TE
RSVP Troubleshooting
RP/0/0/0:R1#sh rsvp counters messages summary
Path 0 25 Resv 30 0
PathError 0 0 ResvError 0 1
PathTear 0 30 ResvTear 12 0
ResvConfirm 0 0 Ack 24 37
Verify Basic TE Tunnel Forwarding
RP/0/RP0/CPU0:PE2#show mpls traffic-eng tunnels 400
Name: tunnel-te400 Destination: 192.168.4.4 Ifhandle:0x580
Status:
Admin: up Oper: up Path: valid Signalling: connected
path option 1, type dynamic (Basis for Setup, path weight 1)
G-PID: 0x0800 (derived from egress interface properties)
Bandwidth Requested: 0 kbps CT0
Creation Time: Thu Jun 15 19:22:40 2017 (00:15:46 ago)
Config Parameters:
Bandwidth: 0 kbps (CT0) Priority: 7 7 Affinity: 0x0/0xffff
Metric Type: TE (global)
Path Selection:
<snip>
Fast Reroute: Disabled, Protection Desired: None
Path Protection: Not Enabled BFD Fast Detection: Disabled
Reoptimization after affinity failure: Enabled
Soft Preemption: Disabled
History: Tunnel has been up for: 00:15:46 (since Thu Jun 15 19:22:40 UTC 2017)
Current LSP: Uptime: 00:15:46 (since Thu Jun 15 19:22:40 UTC 2017)
Path info (OSPF 100 area 0):
Node hop count: 1
Hop0: 10.24.1.4
Hop1: 192.168.4.4
Troubleshooting MPLS TE
Re-optimization Configs
• Configuration
• Logging
• Logging events lsp-status reoptimize (XR TE Tunnel interface
config)
• Logging events lsp-status reroute (XR TE Tunnel interface config)
Troubleshooting MPLS TE
Troubleshooting : TE Tunnel does not come up
RP/0/RP0/CPU0:PE2# show mpls traffic-eng tunnel 400 detail
Wed May 29 14:07:50.428 UTC
Name: tunnel-te 400 Destination: 0.0.0.0
Status:
Admin: up Oper: down Path: not valid Signalling: Down
path option 10, type dynamic (Basis for Setup, path weight 2)
ospf 100 area 0
G-PID: 0x0800 (internally specified)
Config Parameters:
Bandwidth: 0 kbps (CT0) Priority: 7 7 Affinity: 0x0/0xffff
Metric Type: TE (default)
AutoRoute: disabled LockDown: disabled
Loadshare: 0 equal loadshares
Auto-bw: disabled(0/0) 0 Bandwidth Requested: 0
Direction: unidirectional
Endpoint switching capability: unknown, encoding type: unassigned
Transit switching capability: unknown, encoding type: unassigned
Reason for the tunnel being down: No destination is configured
History:
Prior LSP:
ID: path option 10 [13]
Removal Trigger: signalling shutdown
Slide callouts: “Very verbose reason given here on this line for config errors” and “No Destination configured under Tunnel interface”
Troubleshooting MPLS TE
Troubleshooting : TE Tunnel does not come up
RP/0/RP0/CPU0:PE2#show mpls traffic-eng tunnel 400 detail
Name: tunnel-te400 Destination: 192.168.4.4
Status:
Admin: up Oper: down Path: not valid Signalling: Down
path option 10, type dynamic (Basis for Setup, path weight 2)
ospf 100 area 0
G-PID: 0x0800 (internally specified)
Config Parameters:
Bandwidth: 1 kbps (CT0) Priority: 7 7 Affinity: 0x0/0xffff
Metric Type: TE (default)
AutoRoute: enabled LockDown: disabled
Loadshare: 0 equal loadshares
Auto-bw: disabled(0/0) 0 Bandwidth Requested: 1
Direction: unidirectional
Endpoint switching capability: unknown, encoding type: unassigned
Transit switching capability: unknown, encoding type: unassigned
History:
Prior LSP:
ID: path option 1 [21]
Removal Trigger: path verification failed
Last Error:
PCALC:: No path to destination, 192.168.4.4(bw)
Slide callout: “Insufficient RSVP b/w. Bandwidth command not configured under rsvp or is misconfigured”
Troubleshooting MPLS TE
Troubleshooting : TE Tunnel does not come up
RP/0/RP0/CPU0:PE2#show mpls traffic-eng tunnel 400 detail
Name: tunnel-te400 Destination: 192.168.4.4
Status:
Admin: up Oper: down Path: not valid Signalling: Down
path option 10, type dynamic (Basis for Setup, path weight 2)
ospf 100 area 0
G-PID: 0x0800 (internally specified)
Config Parameters:
Bandwidth: 1 kbps (CT0) Priority: 7 7 Affinity: 0x0/0xffff
Metric Type: TE (default)
AutoRoute: enabled LockDown: disabled
Loadshare: 0 equal loadshares
Auto-bw: disabled(0/0) 0 Bandwidth Requested: 1
Direction: unidirectional
Endpoint switching capability: unknown, encoding type: unassigned
Transit switching capability: unknown, encoding type: unassigned
History:
Prior LSP:
ID: path option 1 [21]
Removal Trigger: path verification failed
Last Error:
PCALC:: No path to destination, 192.168.4.4(reverselink or exclude-link)
Slide callout: “Tunnel has no alternative path Or Explicit path is misconfigured.”
Troubleshooting MPLS TE
TE Tunnel not up (Summary)
• RSVP Signaling in progress
• Show rsvp sessions dst-port
• No path available
• Show mpls traffic-eng igp-area
• Show mpls traffic-eng topology model-type rdm|mam
(Russian Dolls / Maximum allocation)
• Show mpls traffic-eng link-management interface x/y
Troubleshooting MPLS TE
Maximum Allocation Model (MAM)
• BW pool applies to one class
• Sum of BW pools may exceed MRB
• Sum of total reserved BW may not exceed MRB
[Figure: BC0 with Class0, BC1 with Class1 and BC2 with Class2; all classes together fall under the Maximum Reservable Bandwidth (MRB)]
CBTS – Configuration Example
Both tunnels to same destination but different QoS
interface Tunnel65
 ip unnumbered loopback0
 tunnel destination 192.168.2.2
 tunnel mode mpls traffic-eng
 tunnel mpls traffic-eng bandwidth sub-pool 30000
 tunnel mpls traffic-eng exp 5
interface Tunnel66
 ip unnumbered loopback0
 tunnel destination 192.168.2.2
 tunnel mode mpls traffic-eng
 tunnel mpls traffic-eng bandwidth 50000
 tunnel mpls traffic-eng exp default
Troubleshooting MPLS TE
Traces to collect on IOS XR
CEF (forwarding):
• Show cef mpls trace location <line card location>
• Show cef platform trace all all location <line card location>
• Show cef trace location <line card location>
• Show mpls forwarding tunnel detail
• Show mpls forwarding labels hardware ingress/egress detail loc
• Show cef mpls adj tunnel-te <> hardware ingress/egress detail loc <>
SONET:
• Show sonet-local trace location <line card location>
Troubleshooting MPLS TE
Tunnel Protection
• Mechanism to mitigate packet loss during a failure
• Pre-provisioned protection tunnels that carry traffic when a
protected link or node goes down
• MPLS TE protection also known as FAST REROUTE
• Protects against LINK FAILURE
• For example, Fibre cut, Carrier Loss, ADM failure
• Protects against NODE FAILURE
• For example, power failure, hardware crash, maintenance
Troubleshooting MPLS TE
Categories of FRR
• Local Protection
• Link Protection
• Node Protection
• Protects a segment of the tunnel (Node or Link)
• 1:N Scalability
• Faster failure recovery
• Path Protection
• Protects individual tunnels
• 1:1 Scalability
• More resource consumption
Troubleshooting MPLS TE
Link Protection
[Figure: link protection topology; surviving labels: P-3, pop, TE Label]
Troubleshooting MPLS TE
[Figure: protection topology with the PLR marked; surviving labels: P-3, pop, TE Label]
Troubleshooting MPLS TE
Node Protection
[Figure: node protection topology, shown over three slides; surviving labels: P-3, pop, TE Label]
MPLS Traffic-Engineering Demo
SP SDN – Segment Routing
Segment Routing
Path towards Segment Routing
• LDP had its own challenges
• Extra process required (LDP), and it creates a complicated interaction with the IGP (LDP-IGP Sync)
• RSVP-TE – Deployment and scalability issues (only 10% of the SP space uses RSVP-TE, and even then for the FRR use case)
• Always-on feature, even when TE is not required in the network
• Need a network that can understand application requirements
Segment Routing
Overview
• SR originally meant “Strade Romane”, the network of roads built by the Roman Empire
• The name was later changed to Segment Routing
• SR is Application Engineered Routing: the application asks the network (controller) for a path that serves the needs of the application
• SR is source-based routing, where the source chooses a path based on the application requirements
• The chosen path is encoded in the packet header as an ordered list of segments
Segment Routing – Forwarding Plane
• MPLS: an ordered list of segments is represented as a stack of labels
• Segment → Label
• Basic building blocks distributed by the IGP or BGP
IGP segments
• Two basic building blocks distributed by IGP
• Prefix Segments
• Adjacency Segments
IGP Prefix Segment
[Figure: prefix segment 16005]
IGP Prefix Segment
• Shortest-path to the IGP prefix
• Equal Cost MultiPath (ECMP)-aware
• Global Segment
• Label = 16000 + Index
• Advertised as index
• Distributed by ISIS/OSPF
[Figure: five-node topology (nodes 1 to 5) with label 16004 shown on the links toward 1.1.1.4/32; all nodes use default SRGB 16,000 – 23,999]
IGP Adjacency Segment
• Forward on the IGP adjacency
• Local Segment
• Advertised as label value
• Distributed by ISIS/OSPF
[Figure: five-node topology (nodes 1 to 5) with adjacency segments 24042 (Adj to 2), 24045 (Adj to 5) and 24043 (Adj to 3)]
[Figure: nodes 3 and 4 with labels 16004 and 24045; all nodes use default SRGB 16,000 – 23,999]
Segment Routing – 3 Segments Example
• Source routing – ordered list of segments
• Stack of MPLS labels
• IPv6 Routing Extension
• MPLS labels are advertised by the IGP
• Simplicity
[Figure: nodes A to I; label stack 3000 / 1900 / 1700 carried over segment 1, segment 2 and segment 3; global labels 1700 and 3000, adjacency label 1900; PHP]
Segment Routing - Control Plane & Data Plane
MPLS Control and Forwarding Operation with Segment Routing
[Figure: layered view between PE1 and PE2]
• Services (MP-BGP): IPv4, IPv6, IPv4 VPN, IPv6 VPN, VPWS, VPLS. No changes to control or forwarding plane
• Packet Transport: LDP, RSVP, Static, BGP, IS-IS, OSPF. IGP or BGP label distribution for IPv4 and IPv6
• MPLS Forwarding: forwarding plane remains the same
SR enabled node
SID Encoding
SRGB = [ 16,000 – 23,999 ] – Advertised as base = 16,000, range = 8,000
Prefix SID = 16,001 – Advertised as Prefix SID Index = 1
Adjacency SID = 24000 – Advertised as Adjacency SID = 24000
• Prefix SID
• Label from SR Global Block (SRGB)
• SRGB advertised within IGP via TLV
• In the configuration, Prefix-SID can be configured as an absolute value or an index
• In the protocol advertisement, Prefix-SID is always encoded as a globally unique index
• Index represents an offset from SRGB base, zero-based numbering, i.e. 0 is 1st index
• E.g. index 1 SID is 16,000 + 1 = 16,001
• Adjacency SID
• Locally significant
• Automatically allocated by the IGP for each adjacency
• Always encoded as an absolute (i.e. not indexed) value
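The index arithmetic from the SID Encoding slide, as an added Python example that is not part of the original deck. Node names, the second SRGB base of 20,000 and the duplicate-index sample are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SRGB:
    """SR Global Block as advertised in the IGP: a base label and a range."""
    base: int = 16000   # default SRGB on the slides: 16,000 - 23,999
    size: int = 8000

    def label_for_index(self, index):
        """Resolve an advertised Prefix-SID index (zero-based) to a label."""
        if not 0 <= index < self.size:
            raise ValueError(f"index {index} is outside an SRGB of size {self.size}")
        return self.base + index

    def index_for_absolute(self, label):
        """Convert a Prefix-SID configured as an absolute value into the
        index that is carried in the protocol advertisement."""
        if not self.base <= label < self.base + self.size:
            raise ValueError(f"label {label} is outside the SRGB")
        return label - self.base


def prefix_sid_path(path, index, php=True):
    """Walk a Prefix-SID along `path`, a list of (node, SRGB) pairs that ends
    at the node owning the prefix. Returns one (node, operation, out_label)
    tuple per forwarding node. The outgoing label is computed from the NEXT
    hop's SRGB, because the next hop is the router that looks it up."""
    if len(path) < 2:
        raise ValueError("path needs an ingress and an egress node")
    ops = []
    penultimate = len(path) - 2
    for pos in range(len(path) - 1):
        node = path[pos][0]
        next_srgb = path[pos + 1][1]
        if pos == penultimate and php:
            # PHP signaled by the egress: no transport label reaches it.
            ops.append((node, "pop" if pos else "no label", None))
        else:
            ops.append((node, "swap" if pos else "push",
                        next_srgb.label_for_index(index)))
    return ops


def duplicate_indexes(advertisements):
    """Prefix-SID indexes must be globally unique. Given (prefix, index)
    pairs, return {index: [prefixes]} for every index claimed twice."""
    seen = {}
    for prefix, index in advertisements:
        seen.setdefault(index, set()).add(prefix)
    return {i: sorted(p) for i, p in seen.items() if len(p) > 1}


# Constructed sample data. Index 41 is the value used on the data plane slide.
SAME_SRGB_PATH = [("A", SRGB()), ("B", SRGB()), ("C", SRGB()), ("D", SRGB())]
MIXED_SRGB_PATH = [("A", SRGB()), ("B", SRGB(20000, 8000)),
                   ("C", SRGB()), ("D", SRGB())]
ADVERTISED = [("1.1.1.1/32", 1), ("1.1.1.4/32", 4), ("1.1.1.9/32", 4)]

if __name__ == "__main__":
    for name, path in (("same SRGB", SAME_SRGB_PATH), ("mixed SRGB", MIXED_SRGB_PATH)):
        print(name, prefix_sid_path(path, 41))
    print("duplicate indexes:", duplicate_indexes(ADVERTISED))
```

With identical SRGBs the top label stays the same hop by hop; as soon as one node uses a different base, the label pushed toward it changes even though the advertised index does not.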
SR IS-IS Control Plane Summary
• IPv4 and IPv6 control plane
• Level 1, level 2 and multi-level routing
• Prefix Segment ID (Prefix-SID) for host prefixes on loopback interfaces
• Adjacency Segment IDs (Adj-SIDs) for adjacencies
• Prefix-to-SID mapping advertisements (mapping server)
• MPLS penultimate hop popping (PHP) and explicit-null signaling
[Figure: SID index 1; nodes 1.1.1.2 and 1.1.1.1]
SR OSPF Control Plane Summary
[Figure: SID index 1; nodes 1.1.1.2, 1.1.1.1 and 1.1.1.4]
MPLS Data Plane Operation (labeled)
Prefix SID
• Packet forwarded along IGP shortest path (ECMP)
• Swap operation performed on input label
• Same top label if same/similar SRGB
• PHP if signaled by egress LSR
Adjacency SID
• Packet forwarded along IGP adjacency
• Pop operation performed on input label
• Top labels will likely differ
• Penultimate hop always pops last adjacency SID
[Figure: Prefix SID side shows a swap with label X in and X out; Adjacency SID side shows Adjacency SID = X popped, leaving label Y]
MPLS Data Plane Operation (Prefix SID)
[Figure: nodes A, B, C and D, each with SRGB [16,000 – 23,999]; D owns Loopback X.X.X.X with Prefix SID Index = 41; label 16041 is carried on top of the VPN label]
MPLS Data Plane Operation (Adjacency SIDs)
[Figure: nodes A, B, X and D, each with SRGB [16,000 – 23,999]; D owns Loopback X.X.X.X with Prefix SID Index = 41; Adjacency SID = 30206; labels 30206, 16041 and the VPN label are pushed, then popped hop by hop]
LDP-SR Migration
Assumptions:
• all the nodes can be upgraded to SR
• In no particular order
• leave default LDP label imposition preference
[Figure sequence: nodes 1 to 6 start as an LDP domain, become an SR+LDP domain, and end with nodes running SR; SRGB: 16000-23999]
IOS-XE
XE-2(config)#segment-routing mpls
XE-2(config-srmpls)#connected-prefix-sid-map
XE-2(config-srmpls-conn)#address-family ipv4
XE-2(config-srmpls-conn-af)#2.2.2.2/32 absolute 16002 range 1
XE-2(config-srmpls-conn-af)#exit
XE-2(config-srmpls-conn)#exit
XE-2(config-srmpls)#exit
XE-2(config)#router isis SR-AS-1
XE-2(config-router)#segment-routing mpls
Segment Routing Migration Demo
ODN
SR-PCE
• SR-PCE is an IOS XR multi-domain stateful SR Path Computation
Element (PCE)
• IOS XR: XTC functionality is available on any physical or virtual IOS XR
node, activated with a single configuration command
• Multi-domain: Real-time reactive feed via BGP-LS/ISIS/OSPF from
multiple domains; computes inter-area/domain/AS paths
• Stateful: takes control of SRTE Policies, updates them when required
• SR PCE: native SR-optimized computation algorithms
[Figure: SR-PCE runs on a virtual or physical IOS-XR node; surviving labels: REST API, Native SR algorithms, Multi-Domain Topology, Topo DB, Compute, Collect (IGP, BGP-LS), Deploy (PCEP, BGP)]
ODN Workflow
• Routes tagged with a user-defined COLOR to convey SLA requirements
• VPN routes propagated via BGP
[Figure: prefix Y/24 advertised in BGP VPNv4 through the BGP RRs with BGP color community “gold”; nodes XR-1 (1.1.1.1), XR-3 (3.3.3.3), XR-5 (5.5.5.5), XE-7 (7.7.7.7), XE-8 (8.8.8.8), XR-9 (9.9.9.9)]
ODN Workflow
• Ingress PE matches on user-specified BGP “color” community
• Ingress PE enforces a “template” associated with the color community
[Figure: SRTE on-demand color “gold”: contact PCE, request path to BGP NH, minimize TE metric. A PCReq goes to SR PCE XTC-A: “Need a path to node (9)? Minimizing TE metric”. Nodes XR-1 (1.1.1.1), XR-3 (3.3.3.3), XR-5 (5.5.5.5), XE-7 (7.7.7.7), XE-8 (8.8.8.8), XR-9 (9.9.9.9)]
[Figure: PCEP sessions involving SR PCEs XTC-A and XTC-B; nodes XR-1 (1.1.1.1), XR-3 (3.3.3.3), XR-5 (5.5.5.5), XE-7 (7.7.7.7), XE-8 (8.8.8.8), XR-9 (9.9.9.9)]
Demo - ODN
Reference Slides
Troubleshooting MPLS with NX-OS
Troubleshooting MPLS with NX-OS
Software Architecture
[Figure: NX-OS software components; surviving labels: MPLS-Mgr, LDP, IGP, ULIB, URIB, L3VM, IM/OIM, Netstack, CLI, SNMP, System Manager, Feature Manager, License Manager, PSS, MTS, Shared Memory, Message Queue]
Troubleshooting MPLS with NX-OS
Component Functions
• Interact with ULIB
• Allocate local label for prefixes
Troubleshooting MPLS with NX-OS
Component Functions (contd…)
• Interact with L3VM
• VRF table id
Troubleshooting MPLS with NX-OS
MPLS Packet Flow
[Figure: lookup pipeline LDB → L2FT (DMAC) → ILM → FIB TCAM → ADJ → ELM → RIT]
• LDB – L2 Features; perform LDB lookup to derive LIF / BD for ingress packet
• L2FT – Perform SMAC and DMAC lookup; DMAC should be router MAC
• ILM – Look up the ingress LIF MAP table and identify the features enabled, i.e. MPLS
• FIB – Deals with both PI and PD programming
• ADJ – FIB result provides the adjacency, which points to the egress LIF
• ELM – Egress LIF has the DI for egress interface
• RIT – Generate the rewrite (SMAC, DMAC and Label rewrite [push, pop, swap])
Troubleshooting MPLS with NX-OS
LDB – Check if the router BD is set in the LDB entry
module-1# show hardware internal forwarding interface e1/1
Software Tables:
Interface = Ethernet1/1 LTL Index = 0x422 LIF = 0x4002
State(up) Layer(L3) Mode(0x0) VDC(1) Local Port(yes)
Number of Member Ports(0x0)
LDB Sharing(no) LDB Base(0xc801) LDB Port Features(no)
Hardware Tables:
Instance: 0x1
L2-LIF-MAP entry with index = 0x422
ldb_base = 0xc801 add_vlan = 0
Instance: 0x1
L2-LIF entry with index = 0xc801
pt_cam_en = 0 ipv4_igmp_snoop = 0 ipv4_pim_snoop = 0 ipv6_mld_snoop = 0
ipv6_pim_snoop = 0 bd = 0x2 l2v4 = 0 ingr_lif = 0x4002
<snip>
Troubleshooting MPLS with NX-OS
Verify L2FT and ILM
L2FT
show hardware mac address-table
FE | Valid| PI| BD | MAC | Index| Stat| SW | Modi| Age| Tmr| GM| Sec| TR| NT| RM| RMA| Cap| Fld|Always
---+------+---+------+---------------+-------+-----+-----+-----+----+----+---+----+---+---+---+----+----+----+------
ILM
NX-OS# show hardware internal forwarding interface Ethernet 1/1 module 10 | inc mpls_en
l2l3_lkup_cfg = 0 mpls_en = 1 sm_en = 0 red_ids_chk_fail_en = 1 v4_rpfv3_en = 0
ipv4_en = 1 eompls_en = 0 mpls_en = 1
Troubleshooting MPLS with NX-OS
Verifying FIB - PI
N7k-1# show forwarding route module 1
----------------+----------------------------------------+----------------------+-----------------
Prefix | Next-hop | Interface | Labels
----------------+----------------------------------------+----------------------+-----------------
<snip>
192.168.2.2/32 nxthop 10.12.1.2 Ethernet1/2 NO-OP
192.168.3.3/32 nxthop 10.12.1.2 Ethernet1/2 PUSH 21
192.168.4.4/32 nxthop 10.12.1.2 Ethernet1/2 PUSH 22
Troubleshooting MPLS with NX-OS
Verifying FIB – PI – Forwarding and Adjacency Info
N7k-1# show forwarding mpls module 1
--------+-----------+-------------------+----------------+-------------+-------
Local |Prefix |FEC |Next-Hop |Interface |Out
Label |Table Id |(Prefix/Tunnel id) | | |Label
--------+-----------+-------------------+----------------+-------------+-------
18 |0x1 |192.168.2.2/32 |10.12.1.2 |Ethernet1/2 |Pop Label
19 |0x1 |192.168.3.3/32 |10.12.1.2 |Ethernet1/2 |21
20 |0x1 |192.168.4.4/32 |10.12.1.2 |Ethernet1/2 |22
Troubleshooting MPLS with NX-OS
Verifying FIB – PD – MPLS Programming
N7k-1# show system internal forwarding mpls detail
Table id = 0x1
------------------
----+--------+--------+------------+----------+----------+-----------+--------+
Dev | Index |Priority| In-label | AdjIndex | LIF | Out-label | Op
----+--------+--------+------------+----------+----------+-----------+--------+
0 0x5624 0x23c2 16 0x5c 0x1fe0 0 POP ONE
0 0x5625 0x23c3 17 0x5c 0x1fe0 0 POP ONE
0 0x5224 0x23c4 18 0x62 0x2 3 POP ONE
0 0x5225 0x23c5 19 0x60 0x2 21 SWAP ONE
0 0x5c24 0x23c6 20 0x64 0x2 22 SWAP ONE
0 0x5c25 0x23c7 21 0x65 0x3 0 POP ONE
Table id = 0x2a
------------------
----+--------+--------+------------+----------+----------+-----------+--------+
Dev | Index |Priority| In-label | AdjIndex | LIF | Out-label | Op
----+--------+--------+------------+----------+----------+-----------+--------+
No labels in table
Aggregate Table id = 0x2a
------------------
--------+--------+
label | vpn_id
--------+--------+
0 492287 0x2a
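One way to automate the PI versus PD comparison from the FIB slides above, as an added Python example that is not part of the original deck. `PI_OUTPUT` and `PD_OUTPUT` reuse rows shown on the slides, `PD_DRIFTED` is constructed, and the parsers assume the column layouts shown above and a single label table.

```python
import re

# Rows from "show forwarding mpls module 1" (PI view) as shown on the slide.
PI_OUTPUT = """\
Local |Prefix |FEC |Next-Hop |Interface |Out
Label |Table Id |(Prefix/Tunnel id) | | |Label
18 |0x1 |192.168.2.2/32 |10.12.1.2 |Ethernet1/2 |Pop Label
19 |0x1 |192.168.3.3/32 |10.12.1.2 |Ethernet1/2 |21
20 |0x1 |192.168.4.4/32 |10.12.1.2 |Ethernet1/2 |22
"""

# Rows from "show system internal forwarding mpls detail" (PD view).
PD_OUTPUT = """\
Dev | Index |Priority| In-label | AdjIndex | LIF | Out-label | Op
0 0x5624 0x23c2 16 0x5c 0x1fe0 0 POP ONE
0 0x5224 0x23c4 18 0x62 0x2 3 POP ONE
0 0x5225 0x23c5 19 0x60 0x2 21 SWAP ONE
0 0x5c24 0x23c6 20 0x64 0x2 22 SWAP ONE
"""

# Constructed: label 19 never reached hardware, label 20 has a stale out-label.
PD_DRIFTED = """\
0 0x5224 0x23c4 18 0x62 0x2 3 POP ONE
0 0x5c24 0x23c6 20 0x64 0x2 23 SWAP ONE
"""

# Dev, Index, optional Priority, In-label, AdjIndex, LIF, Out-label, Op
PD_ROW = re.compile(
    r"^\s*\d+\s+0x\w+(?:\s+0x\w+)?\s+(\d+)\s+0x\w+\s+0x\w+\s+(\d+)\s+(POP|SWAP|PUSH)\b")


def parse_pi(text):
    """Return {local_label: (op, out_label, fec)} from the PI table."""
    entries = {}
    for line in text.splitlines():
        cols = [c.strip() for c in line.split("|")]
        if len(cols) != 6 or not cols[0].isdigit():
            continue  # header, separator or unrelated line
        out = cols[5]
        if out.isdigit():
            entries[int(cols[0])] = ("SWAP", int(out), cols[2])
        elif out.lower().startswith("pop"):
            entries[int(cols[0])] = ("POP", None, cols[2])
    return entries


def parse_pd(text):
    """Return {in_label: (op, out_label)} from the PD table. The out-label
    column is ignored for POP because nothing is written to the packet."""
    entries = {}
    for line in text.splitlines():
        m = PD_ROW.match(line)
        if m:
            op = m.group(3)
            entries[int(m.group(1))] = (op, int(m.group(2)) if op == "SWAP" else None)
    return entries


def compare(pi, pd):
    """List (label, fec, problem) for every PI entry the hardware disagrees with."""
    findings = []
    for label in sorted(pi):
        op, out, fec = pi[label]
        if label not in pd:
            findings.append((label, fec, "not programmed in hardware"))
        elif pd[label] != (op, out):
            hw_op, hw_out = pd[label]
            findings.append((label, fec, f"software {op} {out}, hardware {hw_op} {hw_out}"))
    return findings


if __name__ == "__main__":
    print(compare(parse_pi(PI_OUTPUT), parse_pd(PD_OUTPUT)))
    print(compare(parse_pi(PI_OUTPUT), parse_pd(PD_DRIFTED)))
```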
Troubleshooting MPLS with NX-OS
Verify Label Information in Hardware
pe1# show system internal forwarding mpls label
show system internal forwarding mpls
Table id = 1
------------------
----+--------+------------+----------+----------+-----------+--------+
Dev | Index | In-label | AdjIndex | LIF | Out-label | Op
----+--------+------------+----------+----------+-----------+--------+
0 0x1ffa9 18 0x62 0x2 3 POP ONE
0 0x5225 19 0x60 0x2 21 SWAP ONE
0 0x5c24 20 0x64 0x2 20 SWAP ONE
[Figure callouts on the table columns: FIB TCAM Index, FIB DRAM Adjacency Index, Egress LIF (LTL) Index]
Troubleshooting MPLS with NX-OS
Route Update PD Verification
• Use the following command to check the route in FIB PD
• Show system internal forwarding route
Troubleshooting MPLS with NX-OS
Troubleshooting L3VPN VRF Issues
• Check the L3VM process event-traces to verify the events that occurred for the VRF
N7k-1# show system internal l3vm event-history vrf
VRF events for L3VM Process - Bufsize 1000 KB
2017 Jun 14 09:10:02.139925 l3vm [5710]: [5830]: Updated interface Ethernet1/1 cmd <vrf member TEST>
2017 Jun 14 09:10:02.139757 l3vm [5710]: [5830]: Interface Ethernet1/1 (IOD 37) changing from VRF default to VRF TEST - Count 1
2017 Jun 14 09:10:02.139728 l3vm [5710]: [5830]: Interface Ethernet1/1 (IOD 37) will be down, VRF default UP-IF count 1
2017 Jun 14 09:10:02.139680 l3vm [5710]: [5830]: Moving Ethernet1/1 (ifindex: 0x1a000000 iod: 37) from VRF default to VRF TEST
2017 Jun 14 09:10:02.139522 l3vm [5710]: [5830]: Deleting all L3VM_PSS_IF_KEY config for interface Ethernet1/1
2017 Jun 14 09:10:02.137418 l3vm [5710]: [5830]: [VSH] Process interface Eth1/1 cmd <vrf member TEST>
2017 Jun 14 09:06:24.460917 l3vm [5710]: [5830]: Updated vrf TEST cmd <address-family ipv4 unicast>
2017 Jun 14 09:06:24.460771 l3vm [5710]: [5830]: [VSH] Process vrf TEST cmd <address-family ipv4 unicast>
2017 Jun 14 09:06:24.426293 l3vm [5710]: [5830]: l3vm_pd_process_l3vm_mts_msg_from_ctrl: Received l3vm notification (mtype: 4)
2017 Jun 14 09:06:24.426270 l3vm [5710]: [5830]: l3vm_pd_process_l3vm_mts_msg_from_ctrl: Received l3vm notification (mtype: 4)
2017 Jun 14 09:06:24.426239 l3vm [5710]: [5830]: l3vm_pd_process_l3vm_mts_msg_from_ctrl: Received l3vm notification (mtype: 1)
2017 Jun 14 09:06:24.424511 l3vm [5710]: [5829]: VRF TEST:ipv4:base table (Up:--) sending: Table create
2017 Jun 14 09:06:24.424372 l3vm [5710]: [5829]: VRF TEST:ipv6:base table (Up:--) sending: Table create
2017 Jun 14 09:06:24.424256 l3vm [5710]: [5829]: VRF TEST (Up:--) sending: VRF create
2017 Jun 14 09:06:24.424006 l3vm [5710]: [5829]: VRF TEST - Created
2017 Jun 14 09:06:24.424002 l3vm [5710]: [5829]: VRF TEST (Up:--) sdb ack
2017 Jun 14 09:06:24.423008 l3vm [5710]: [5829]: gsdb_op_callback() - gsdb context 0x0003ce86
2017 Jun 14 09:06:24.421933 l3vm [5710]: [5830]: Updated cmd <vrf context TEST>
Inter-AS MPLS VPN
Inter-AS MPLS VPNs
Flavors
• Previous section – VPNs within Single-AS boundary
• Inter-AS MPLS VPN – VPNs spanning across multiple AS
boundaries
• Types:
• Option A – Back to Back VRF
• Option B – Inter-Provider VPNs using ASBR-to-ASBR approach
1. Next-Hop-Self Method
2. Redistribute Connected Method
3. Multi-hop EBGP between ASBRs
• Option C – MP-EBGP between RR and EBGP between ASBR
Inter-AS VPN Topology
[Figure: two autonomous systems. One side: RR R3, ASBR R1 (192.168.1.1), PE R5, CE R7 (AS 700, 100.64.7.7). Other side: RR XR4, ASBR XR2 (192.168.2.2), PE XR6, CE R8 (AS 700, 100.64.8.8)]
Inter-AS VPN Option A: Back to Back VRFs
[Figure: Inter-AS topology with AS100 (RR R3, ASBR R1 192.168.1.1) and AS200 (RR XR4, ASBR XR2 192.168.2.2); VRF VPN01 and VRF VPN02 on the ASBR-to-ASBR link, which runs IPv4 + IGP/BGP; CEs R7 (AS 700, 100.64.7.7) and R8 (AS 700, 100.64.8.8)]
Inter-AS VPN Option B1: ASBR to ASBR w/ Next-Hop-Self
[Figure: ASBRs R1 (192.168.1.1) and XR2 (192.168.2.2) peer over MP-EBGP, with a Next-Hop-Self callout on each side; RRs R3 and XR4; PEs R5 and XR6]
*Jun 20 19:35:50.710: BGP: nbr_topo global 192.168.3.3 VPNv4 Unicast:base (0x110FC570:1) rcvd Refresh Start-of-RIB
*Jun 20 19:35:50.711: BGP(4): 192.168.3.3 rcvd UPDATE w/ attr: nexthop 192.168.5.5, origin ?, localpref 100, metric 0, originator 192.168.5.5, clusterlist 192.168.3.3, merged path 700, AS_PATH , extended community RT:100:1
*Jun 20 19:35:50.714: BGP(4): 192.168.3.3 rcvd 100:1:100.64.7.0/24, label 5003 - DENIED due to: extended community not supported;
Inter-AS VPN Option B1: ASBR to ASBR w/ Next-Hop-Self
[Figure: AS100 (RR R3, ASBR R1 192.168.1.1, PE R5, CE R7 in AS 700, 100.64.7.7) and AS200 (RR XR4, ASBR XR2 192.168.2.2, PE XR6, CE R8 in AS 700, 100.64.8.8); MP-EBGP between the ASBRs; VPN02 labels at the ASBRs]
interface GigabitEthernet0/2
 ip address 172.16.12.1 255.255.255.0
 mpls bgp forwarding
!
router bgp 100
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 no bgp default route-target filter
 neighbor 172.16.12.2 remote-as 200
 neighbor 192.168.3.3 remote-as 100
 neighbor 192.168.3.3 update-source Loopback0
 !
 address-family vpnv4
  neighbor 172.16.12.2 activate
  neighbor 172.16.12.2 send-community extended
  neighbor 192.168.3.3 activate
  neighbor 192.168.3.3 send-community extended
  neighbor 192.168.3.3 next-hop-self
Inter-AS MPLS VPNs
Problems with Route Installation: Checking on the RRs
R3#show bgp vpnv4 unicast all | b Netw
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1
*>i 100.64.7.0/24 192.168.5.5 0 100 0 700 ?
*>i 172.16.57.0/24 192.168.5.5 0 100 0 ?
Route Distinguisher: 200:1
*>i 100.64.8.8/32 192.168.1.1 0 100 0 200 700 ?
*>i 172.32.68.0/24 192.168.1.1 0 100 0 200 ?
Inter-AS MPLS VPNs
Problems with Route Installation: Solution 1 – Additional Import Statements
Simple Solution, but does it scale?
R3 (IOS PEs)
vrf definition VPN01
 rd 100:1
 route-target export 100:1
 route-target import 100:1
 route-target import 200:1
XR4 (IOS XR PEs)
vrf VPN02
 address-family ipv4 unicast
  import route-target
   200:1
   100:1
  !
  export route-target
   200:1
Inter-AS MPLS VPNs
Problems with Route Installation: Solution 2 – Route Target ReWrite on ASBRs
IOS ASBRs (R1)
ip extcommunity-list 1 permit rt 200:1
route-map REWRITE permit 10
 match extcommunity 1
 set extcomm-list 1 delete
 set extcommunity rt 100:1 additive
!
router bgp 100
 address-family vpnv4
  neighbor 172.16.12.2 activate
  neighbor 172.16.12.2 send-community extended
  neighbor 172.16.12.2 route-map REWRITE in
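A model of the route-target import decision behind the two solutions above, as an added Python example (not Cisco code and not from the original deck). Import is simplified to route-target set intersection, and the routes with RD 200:9 and RD 200:5 are constructed to show what an RT rewrite does to routes the remote AS tags in ways the local side did not plan for.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class VpnRoute:
    rd: str
    prefix: str
    rts: frozenset


def route(rd, prefix, *rts):
    return VpnRoute(rd, prefix, frozenset(rts))


# Prefixes and RDs from the "Checking on the RRs" slide; RTs follow the
# VRF export statements shown under Solution 1.
AS100_ROUTES = [route("100:1", "100.64.7.0/24", "100:1"),
                route("100:1", "172.16.57.0/24", "100:1")]
AS200_ROUTES = [route("200:1", "100.64.8.8/32", "200:1"),
                route("200:1", "172.32.68.0/24", "200:1")]
# Constructed: a different AS200 VPN that also exports RT 200:1, and a
# route that carries an RT the route-map does not match.
AS200_OTHER = route("200:9", "10.99.0.0/24", "200:1")
AS200_UNMATCHED = route("200:5", "10.55.0.0/24", "200:99")


def vrf_imports(import_rts, routes):
    """Prefixes a VRF installs: a route is imported when it carries at least
    one route-target listed under the VRF's route-target import."""
    wanted = frozenset(import_rts)
    return [r.prefix for r in routes if r.rts & wanted]


def route_map_rewrite(routes, match_rt="200:1", new_rt="100:1"):
    """Model of 'route-map REWRITE ... in' on the ASBR. Matching routes lose
    match_rt and gain new_rt. The route-map has a single permit sequence, so
    routes that do not match fall through to the implicit deny."""
    kept = []
    for r in routes:
        if match_rt in r.rts:
            kept.append(VpnRoute(r.rd, r.prefix, (r.rts - {match_rt}) | {new_rt}))
    return kept


def unexpected_rds(import_rts, routes, expected_rds):
    """Audit helper: (rd, prefix) pairs the VRF would import from RDs that
    were not expected to reach it."""
    wanted = frozenset(import_rts)
    return [(r.rd, r.prefix) for r in routes
            if r.rts & wanted and r.rd not in expected_rds]


def scenarios():
    """Return the VPN01 view before any fix, after Solution 1, after
    Solution 2, and the unexpected imports that Solution 2 lets in."""
    everything = AS100_ROUTES + AS200_ROUTES
    before = vrf_imports({"100:1"}, everything)
    solution1 = vrf_imports({"100:1", "200:1"}, everything)
    rewritten = route_map_rewrite(AS200_ROUTES + [AS200_OTHER, AS200_UNMATCHED])
    solution2 = vrf_imports({"100:1"}, AS100_ROUTES + rewritten)
    leaks = unexpected_rds({"100:1"}, AS100_ROUTES + rewritten, {"100:1", "200:1"})
    return before, solution1, solution2, leaks


if __name__ == "__main__":
    for name, result in zip(("before", "solution 1", "solution 2", "unexpected"),
                            scenarios()):
        print(f"{name}: {result}")
```

The last result is the check worth keeping after either fix: both widen VPN membership based on route-targets assigned in the other AS, so compare what each VRF actually imports against the RDs it is meant to receive.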
Inter-AS VPN Option B1: ASBR to ASBR w/ Next-Hop-Self
[Figure: Inter-AS topology with MP-EBGP between ASBRs R1 (192.168.1.1) and XR2 (192.168.2.2); RRs R3 and XR4; PEs R5 and XR6; CEs R7 (AS 700, 100.64.7.7) and R8 (AS 700, 100.64.8.8)]
router static
 address-family ipv4 unicast
  172.16.12.1/32 GigabitEthernet0/0/0/1
Inter-AS VPN Option B1: ASBR to ASBR w/ Next-Hop-Self
[Figure: Inter-AS topology with MP-EBGP between ASBRs R1 (192.168.1.1) and XR2 (192.168.2.2); RRs R3 and XR4; PEs R5 and XR6; CEs R7 (AS 700, 100.64.7.7) and R8 (AS 700, 100.64.8.8)]
CE7#trace 100.64.8.8
Type escape sequence to abort.
Tracing the route to 100.64.8.8
VRF info: (vrf in name/id, vrf out name/id)
  1 172.16.57.5 3 msec 2 msec 3 msec
  2 10.15.1.1 [MPLS: Label 204 Exp 0] 33 msec 17 msec 16 msec
  3 172.16.12.2 [MPLS: Label 24003 Exp 0] 16 msec 18 msec 14 msec
  4 10.26.1.6 [MPLS: Label 60003 Exp 0] 17 msec 15 msec 16 msec
  5 172.32.68.8 [AS 200] 16 msec * 18 msec
Inter-AS VPN Option B2: Advertise Peering Link
[Figure: Inter-AS topology with MP-EBGP between ASBRs R1 (192.168.1.1) and XR2 (192.168.2.2); callouts “Redistribute Connected” and “Redistribute Static Route” at the ASBRs; RRs R3 and XR4; PEs R5 and XR6]
[Figure: Inter-AS topology between AS100 and AS200; surviving labels: MP-EBGP, PE & RR Labels, v1 172.16.1.1]
[Figure: Inter-AS topology with IPv4 + IGP/BGP between AS100 and AS200 and four “Check Routes” callouts]
Inter-AS VPN: Examining the MPLS FECs
[Figure: Inter-AS topology with IPv4 + IGP/BGP between AS100 and AS200 and four “Check MPLS Forwarding Table” callouts]
Troubleshooting Inter-AS VPN: Tip
Sometimes the issue may not appear directly.
Add a loopback interface on ASBR, and place into a VRF.
Provides a method of checking connectivity across the ASBR link.
[Figure: Inter-AS topology with “Add a VRF” and “Check Here” callouts on both sides of the ASBR link between AS100 and AS200; CEs R7 (AS 700, 100.64.7.7) and R8 (AS 700, 100.64.8.8)]
MPLS Carrier Supporting Carrier (CSC)
Carrier Supporting Carrier (CSC)
• CSC allows MPLS services across discontiguous areas, typically when MPLS services cannot be provided end-to-end for geographic reasons.
[Figure: Service Provider 1 between two customer sites, each with a CE]
Carrier Supporting Carrier (CSC) Roles
[Figure: Backbone Carrier with CSC-PEs R1 and XR2; Customer Carrier sites with CSC-CEs R3 and XR4 and PEs R5 and XR6; CEs R7 (AS 700) and R8 (AS 800)]
CSC is not running MPLS inside its POP Sites
[Figure: CSC topology with R1, XR2, R3, XR4, R5, XR6 and the CEs in AS 700 and AS 800; protocol labels: MP-IBGP, LDP + IGP, LDP + IGP or Labeled BGP, IBGP + RR Client, IBGP, EBGP]
CSC is not running MPLS inside its POP Sites
interface GigabitEthernet0/1
 description to R3
 vrf forwarding CORE
CSC is not running MPLS inside its POP Sites
CE7#trace 100.64.8.8
Type escape sequence to abort.
Tracing the route to 100.64.8.8
VRF info: (vrf in name/id, vrf out name/id)
  1 172.16.57.5 3 msec 3 msec 3 msec
  2 172.16.35.3 [AS 200] [MPLS: Label 3005 Exp 0] 16 msec 18 msec 15 msec
  3 172.16.13.1 [MPLS: Label 112 Exp 0] 16 msec 16 msec 16 msec
  4 10.12.1.2 [MPLS: Label 24009 Exp 0] 14 msec 16 msec 16 msec
  5 172.32.24.4 [MPLS: Label 44005 Exp 0] 14 msec 14 msec 16 msec
  6 172.32.46.6 [AS 200] 15 msec 15 msec 16 msec
  7 172.32.68.8 [AS 200] 16 msec * 19 msec
CSC is running MPLS inside its POP Sites
[Figure: CSC topology with R1, XR2, R3, XR4, R5, XR6 and the CEs in AS 700 and AS 800; protocol labels: MP-IBGP, LDP + IGP, LDP + IGP or Labeled BGP, IGP and LDP inside each Customer Carrier site, IBGP between R5 and XR6, EBGP]
CSC is running MPLS inside its POP Sites
CE7#trace 100.64.8.8
Type escape sequence to abort.
Tracing the route to 100.64.8.8
VRF info: (vrf in name/id, vrf out name/id)
  1 172.16.57.5 3 msec 3 msec 3 msec
  2 172.16.35.3 [AS 200] [MPLS: Label 3005 Exp 0] 16 msec 18 msec 15 msec
  3 172.16.13.1 [MPLS: Label 112 Exp 0] 16 msec 16 msec 16 msec
  4 10.12.1.2 [MPLS: Label 24009 Exp 0] 14 msec 16 msec 16 msec
  5 172.32.24.4 [MPLS: Label 44005 Exp 0] 14 msec 14 msec 16 msec
  6 172.32.46.6 [AS 200] 15 msec 15 msec 16 msec
  7 172.32.68.8 [AS 200] 16 msec * 19 msec
CSC is running MPLS VPN inside its POP Sites
[Figure: CSC topology with R1, XR2, R3, XR4, R5, XR6 and the CEs in AS 700 and AS 800; protocol labels: MP-IBGP, LDP + IGP, LDP + IGP or Labeled BGP, IGP and LDP inside each Customer Carrier site, MP-IBGP between R5 and XR6, EBGP]
CSC is running MPLS VPN inside its POP Sites
CE7# trace 100.64.8.8 so lo0
Type escape sequence to abort.
Tracing the route to 100.64.8.8
VRF info: (vrf in name/id, vrf out name/id)
  1 172.16.57.5 5 msec 3 msec 4 msec
  2 172.16.35.3 [MPLS: Labels 3005/60005 Exp 0] 18 msec 14 msec 24 msec
  3 172.16.13.1 [MPLS: Labels 112/60005 Exp 0] 15 msec 15 msec 16 msec
  4 10.12.1.2 [MPLS: Labels 24009/60005 Exp 0] 14 msec 12 msec 18 msec
  5 172.32.24.4 [MPLS: Labels 44005/60005 Exp 0] 21 msec 23 msec 22 msec
[Figure callouts on the label stack: Backbone Carrier Forwarding Label; Customer Carrier VPN Label]