Tecmpl 3201
– On All Cisco Platforms
Vinit Jain – CCIE# 22854 @vinugenie
Brad Edgeworth – CCIE# 31574 @bradedgeworth
Michael Whitaker – CCIE# 51871
TECMPL - 3201
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
We will be learning how MPLS works, and in fact works so smoothly…
Agenda
• Fundamentals
• Troubleshooting LDP Issues
• BGP, LDP, RSVP
• Troubleshooting MPLS LSP
• OAM, Multipath Trace
• Troubleshooting MPLS L3 VPNs
• Inter-AS MPLS VPNs
• CsC
• Troubleshooting 6VPE
• Troubleshooting MPLS TE
MPLS Fundamentals
Why was MPLS created?
• With traditional routing, a router receives a packet and checks the header for the
destination IP address.
• It then locates the longest matching route in the forwarding table.
• It performs recursive lookups to find the outbound interface and then forwards the
packet out of that interface.
• This process continues for every hop (router) along the path to the packet’s
destination.
Visualizing the Problem (IP Routing)
"I need to go to 10.4.4.45"
"Let me look that up"
Network        R1 Out Int  R2 Out Int  R3 Out Int  R4 Out Int
10.1.0.0/16    Gi0/2       Gi0/0       Gi0/1       Gi0/0
10.1.1.0/24    Gi0/0       Gi0/0       Gi0/1       Gi0/0
10.12.1.0/24   Gi0/0       Gi0/0       Gi0/1       Gi0/0
10.23.1.0/24   Gi0/0       Gi0/1       Gi0/1       Gi0/0
10.34.1.0/24   Gi0/0       Gi0/1       Gi0/0       Gi0/0
10.4.0.0/16    Gi0/0       Gi0/1       Gi0/0       Gi0/1
10.4.4.0/24    Gi0/0       Gi0/1       Gi0/0       Gi0/2
Creation of Multiprotocol Label Forwarding
Visualizing the Solution (MPLS Forwarding)
[Diagram: R1, R2, R3, R4; three of the routers each say "Let me look that label up"]
Forwarding Performed by MPLS Labels
MPLS networks forward traffic based upon the outermost MPLS label of a packet.
None of the transit routers require the examination of the packet’s header or
payload as long as a label exists in the packet.
Provides a form of tunneling
R1                               | R2                               | R3
In   Out  Network       Out Int  | In   Out  Network       Out Int  | In   Out  Network       Out Int
100  -    10.1.0.0/16   Gi0/2    | 200  100  10.1.0.0/16   Gi0/0    | 301  200  10.1.0.0/16   Gi0/0
101  -    10.1.1.0/24   Gi0/1    | 201  101  10.1.1.0/24   Gi0/0    | 302  201  10.1.1.0/24   Gi0/0
102  -    10.12.1.0/24  Gi0/0    | 202  -    10.12.1.0/24  Gi0/0    | 303  202  10.12.1.0/24  Gi0/0
103  203  10.23.1.0/24  Gi0/0    | 203  -    10.23.1.0/24  Gi0/1    | 304  -    10.23.1.0/24  Gi0/0
104  204  10.34.1.0/24  Gi0/0    | 204  304  10.34.1.0/24  Gi0/1    | 305  -    10.34.1.0/24  Gi0/0
105  205  10.4.0.0/16   Gi0/0    | 205  305  10.4.0.0/16   Gi0/1    | 306  405  10.4.0.0/16   Gi0/1
106  206  10.4.4.0/24   Gi0/0    | 206  306  10.4.4.0/24   Gi0/1    | 307  406  10.4.4.0/24   Gi0/1
(In = In Label, Out = Out Label; topology: R1, R2, R3, R4)
MPLS Architecture
• MPLS has two major components:
1. Control plane: Exchanges Layer 3 routing information and labels
2. Forwarding plane: Forwards packets based on labels
• Control plane contains complex mechanisms to exchange routing information,
such as OSPF, EIGRP, IS-IS, and BGP, and to exchange labels, such as TDP,
LDP, BGP, and RSVP.
• Forwarding plane forwards packets based on CEF
Terminologies
• RIB is the Routing Information Base, analogous to the IP routing table.
• FIB (aka CEF) is the Forwarding Information Base, derived from the IP routing
table.
• LIB is the Label Information Base, which contains all the label bindings learned via
LDP.
• LFIB is the Label Forwarding Information Base, derived from FIB entries and
corresponding LIB entries.
• FEC (Forwarding Equivalence Class)
• Group of IP packets forwarded in the same manner (e.g. over same forwarding path)
• A FEC can represent a: Destination IP prefix, VPN ID, ATM VC, VLAN ID, Traffic
Engineering tunnel, Class of Service.
MPLS Label: Label Format
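• MPLS uses a 32-bit label field that is inserted between Layer 2 and Layer 3
headers
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                Label                  | EXP |S|       TTL     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Label = 20 bits
COS/EXP = Class of Service, 3 bits
S = Bottom of Stack, 1 bit
TTL = Time to Live (Loop detection)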
MPLS Label: Data Packet
Dest MAC | Source MAC | MPLS Label | MPLS EXP | MPLS TTL | Dest IP | Source IP | DSCP | TTL | Payload
MPLS Label: The Label Stack
• MPLS L3 VPNs (two labels: The top label points to the egress router and the
second label identifies the VPN.)
• MPLS TE with Fast Reroute (FRR) (two or more labels: The top label is for
the backup tunnel and the second label points to the primary tunnel
destination.)
• MPLS VPNs combined with MPLS TE / FRR (three labels)
• Carrier Supporting Carrier (CSC) with MPLS TE / FRR (four labels)
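The 32-bit entry layout and the multi-label stacks listed above, decoded in Python as an added example that is not part of the original slides. The labels 19 and 24008 are borrowed from the deck's later traceroute slide, the payload bytes are constructed, and the function names are hypothetical.

```python
import struct
from typing import List, NamedTuple, Tuple

IMPLICIT_NULL = 3   # reserved label; signalled by LDP but never sent on the wire


class LabelEntry(NamedTuple):
    label: int   # 20 bits
    exp: int     # 3 bits, COS/EXP
    bos: bool    # 1 bit, S = bottom of stack
    ttl: int     # 8 bits


def encode_entry(label: int, exp: int, bos: bool, ttl: int) -> bytes:
    """Pack one 32-bit label stack entry in network byte order."""
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bos) << 8) | ttl)


def parse_stack(data: bytes, max_depth: int = 8) -> Tuple[List[LabelEntry], bytes]:
    """Decode entries until the S bit is set; return (entries, remaining payload)."""
    entries: List[LabelEntry] = []
    offset = 0
    while True:
        if len(entries) == max_depth:
            raise ValueError("no bottom-of-stack bit within max_depth entries")
        if offset + 4 > len(data):
            raise ValueError("truncated label stack")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entry = LabelEntry(word >> 12, (word >> 9) & 0x7,
                           bool((word >> 8) & 1), word & 0xFF)
        entries.append(entry)
        if entry.bos:
            return entries, data[offset:]


def audit_stack(entries: List[LabelEntry]) -> List[str]:
    """Flag entries a capture should not contain."""
    findings = []
    for depth, entry in enumerate(entries):
        if entry.label == IMPLICIT_NULL:
            findings.append(f"entry {depth}: Implicit Null (3) seen on the wire")
    if entries and entries[0].ttl == 0:
        findings.append("top label TTL is 0; an LSR will not forward this packet")
    return findings


# Constructed sample: a two-label stack (top label 19, bottom label 24008)
# followed by the first two bytes of an IPv4 header.
SAMPLE_PACKET = (encode_entry(19, 0, False, 255)
                 + encode_entry(24008, 0, True, 255)
                 + b"\x45\x00")

if __name__ == "__main__":
    stack, payload = parse_stack(SAMPLE_PACKET)
    for e in stack:
        print(f"label={e.label} exp={e.exp} S={int(e.bos)} ttl={e.ttl}")
    print("payload:", payload.hex(), "findings:", audit_stack(stack))
```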
Label Switch Path (LSP)
• LSP follows IGP shortest path
• LSP diverges from IGP shortest path
Upstream and Downstream MPLS Routers
Relative terms in MPLS – they change based on the destination network
Downstream – Router towards the direction of the destination.
Advertises the local label towards the source.
Upstream – Router towards the source of the packet. Labels the packet
with the downstream router’s local label.
R1 R2 R3 R4
10.4.4.5 Payload
MPLS Labeling Concepts
There are three main label actions that you should be aware of:
Push, Swap, and Pop
Demonstrated with a packet being forwarded to 10.4.4.5
R1                               | R2                               | R3
In   Out  Network       Out Int  | In   Out  Network       Out Int  | In   Out  Network       Out Int
3    -    10.1.0.0/16   Gi0/2    | 200  POP  10.1.0.0/16   Gi0/0    | 301  200  10.1.0.0/16   Gi0/0
..   ..   ..            ..       | ..   ..   ..            ..       | ..   ..   ..            ..
106  206  10.4.4.0/24   Gi0/0    | 206  306  10.4.4.0/24   Gi0/1    | 307  POP  10.4.4.0/24   Gi0/1
(In = In Label, Out = Out Label; topology: R1, R2, R3, R4)
Push – Placing a new label on to the packet (IP or MPLS)
[Diagram: R1, R2, R3, R4; label 206 is pushed onto the packet]
Swap – Removal of topmost label and placing a new label
[Diagram: R1, R2, R3, R4; label 206 is swapped for 306; packet shown as 306 | 10.4.4.5 | Payload]
Pop – Removal of the topmost label
R1                               | R2                               | R3
In   Out  Network       Out Int  | In   Out  Network       Out Int  | In   Out  Network       Out Int
3    -    10.1.0.0/16   Gi0/2    | 200  POP  10.1.0.0/16   Gi0/0    | 301  200  10.1.0.0/16   Gi0/0
..   ..   ..            ..       | ..   ..   ..            ..       | ..   ..   ..            ..
106  206  10.4.4.0/24   Gi0/0    | 206  306  10.4.4.0/24   Gi0/1    | 306  POP  10.4.4.0/24   Gi0/1
(In = In Label, Out = Out Label; topology: R1, R2, R3, R4)
Implicit Null and Penultimate Hop Pop
Why did R3 have a POP label for the 10.4.4.0/24 network?
R4 places an Implicit Null (MPLS label 3) for the directly attached
network. This indicates that R4 does not need a label because the network is
directly attached, or that R4 is the last Label Switch Router (LSR) to the
destination.
R3 receives Implicit Null for that FEC and places a POP entry in the FIB
for that FEC. Penultimate Hop Pop is performed by the LSR before the edge router
(i.e. R3).
MPLS Architecture
[Figure: handling of an Incoming IP Packet and an Incoming MPLS Packet]
MPLS: Ethertype
Facts Check - Question
• Which protocols have signaling and labeling capabilities?
• OSPF / IS-IS
• RSVP
• LDP / TDP
• BGP
MPLS Trivia
Question
Fun with MPLS Trivia
R1, R2, R3, R4 and R5 all have OSPF and MPLS enabled.
What changes can be made on R2 and/or R3 to prevent only R1’s
Loopback (192.168.1.1) from pinging R5’s Loopback (192.168.5.5)?
We will explain some of the concepts that make this work.
R1 R2 R3 R4 R5
Establishing Adjacency & Swapping Labels
Populating the RIB
• First the IGP (OSPF / IS-IS) is established and routes are exchanged between
all routers
R1 R2 R3 R4
Creating the Local Labels
• Local Labels are automatically generated for all prefixes in the RIB.
(MPLS Label 3 is reserved for Implicit-Null – directly connected routes)
• This includes local network prefixes
R1                               | R2                               | R3
In   Out  Network       Out Int  | In   Out  Network       Out Int  | In   Out  Network       Out Int
3    -    10.1.0.0/16   Gi0/2    | 200  N/A  10.1.0.0/16   Gi0/0    | 300  N/A  10.1.0.0/16   Gi0/0
3    -    10.1.1.0/24   Gi0/1    | 201  N/A  10.1.1.0/24   Gi0/0    | 301  N/A  10.1.1.0/24   Gi0/0
3    -    10.12.1.0/24  Gi0/0    | 3    -    10.12.1.0/24  Gi0/0    | 302  N/A  10.12.1.0/24  Gi0/0
103  N/A  10.23.1.0/24  Gi0/0    | 3    -    10.23.1.0/24  Gi0/1    | 3    -    10.23.1.0/24  Gi0/0
104  N/A  10.34.1.0/24  Gi0/0    | 204  N/A  10.34.1.0/24  Gi0/1    | 3    -    10.34.1.0/24  Gi0/0
105  N/A  10.4.0.0/16   Gi0/0    | 205  N/A  10.4.0.0/16   Gi0/1    | 305  N/A  10.4.0.0/16   Gi0/1
106  N/A  10.4.4.0/24   Gi0/0    | 206  N/A  10.4.4.0/24   Gi0/1    | 306  N/A  10.4.4.0/24   Gi0/1
(In = In Label, Out = Out Label; topology: R1, R2, R3, R4)
• Local Labels are exchanged with downstream routers
• Labels are all exchanged at the same time.
(This animation was done to show you the correlation of tables)
R1 R2 R3 R4
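The sequence above (IGP routes, local labels, label exchange) and the earlier push/swap/pop walk-through toward 10.4.4.5, modelled in Python as an added example that is not part of the original slides. The labels 106/206/306 and Implicit Null come from the slide tables; the function names and the `ldp_down` parameter are hypothetical, and the second run shows where the label stack disappears when one LDP session is missing.

```python
IMPLICIT_NULL = 3            # reserved label advertised for directly connected routes
PREFIX = "10.4.4.0/24"       # FEC followed in the slides (packet to 10.4.4.5)

# Linear topology R1 - R2 - R3 - R4; PREFIX is directly attached to R4.
NEIGHBORS = {"R1": ["R2"], "R2": ["R1", "R3"], "R3": ["R2", "R4"], "R4": ["R3"]}
RIB_NEXT_HOP = {"R1": "R2", "R2": "R3", "R3": "R4", "R4": None}   # None = connected
LOCAL_LABEL = {"R1": 106, "R2": 206, "R3": 306, "R4": IMPLICIT_NULL}


def exchange_labels(ldp_down=()):
    """Every router advertises its local label for PREFIX to each LDP neighbor.

    Returns the LIB: lib[router][neighbor] = label learned from that neighbor.
    ldp_down lists router pairs whose LDP session is not established.
    """
    down = {frozenset(pair) for pair in ldp_down}
    lib = {router: {} for router in NEIGHBORS}
    for router, neighbors in NEIGHBORS.items():
        for neighbor in neighbors:
            if frozenset((router, neighbor)) not in down:
                lib[neighbor][router] = LOCAL_LABEL[router]
    return lib


def build_lfib(lib):
    """LFIB entry = local label plus the label learned from the RIB next hop only."""
    lfib = {}
    for router, next_hop in RIB_NEXT_HOP.items():
        out_label = lib[router].get(next_hop) if next_hop else None
        lfib[router] = {"in": LOCAL_LABEL[router], "out": out_label,
                        "next_hop": next_hop}
    return lfib


def forward(lfib, ingress="R1"):
    """Follow one packet for PREFIX; return [(router, action, label stack after)]."""
    hops, stack, router = [], [], ingress
    while True:
        entry = lfib[router]
        if entry["next_hop"] is None:
            hops.append((router, "deliver", list(stack)))
            return hops
        out_label = entry["out"]
        if stack:                                   # labelled packet: LFIB lookup
            if stack[-1] != entry["in"]:
                raise ValueError(f"{router}: no LFIB entry for label {stack[-1]}")
            stack.pop()
            if out_label is None:
                action = "untagged"                 # no binding from the next hop
            elif out_label == IMPLICIT_NULL:
                action = "pop"                      # penultimate hop pop
            else:
                stack.append(out_label)
                action = "swap"
        elif out_label in (None, IMPLICIT_NULL):    # IP packet, nothing to impose
            action = "ip-forward"
        else:
            stack.append(out_label)
            action = "push"
        hops.append((router, action, list(stack)))
        router = entry["next_hop"]


if __name__ == "__main__":
    for title, down in (("all LDP sessions up", ()),
                        ("LDP down between R2 and R3", [("R2", "R3")])):
        print(title)
        for hop in forward(build_lfib(exchange_labels(down))):
            print("  ", hop)
```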
Troubleshooting LDP Issues
LDP Neighborship
LDP neighborship is formed on TCP port 646
Discovery Mechanism:
Basic Discovery – Multicast UDP hellos for directly connected neighbors
Extended Discovery – Targeted unicast UDP hellos for non-directly connected
neighbors
• Parameters
• Session Keepalive = 60 sec. & Hold time = 180 sec.
• Discovery Hello interval = 5 sec. and Hold Time = 15 sec.
• Can be viewed using the command “show mpls ldp parameters”
Adjacency Requirements
LDP Router-ID must have a specific routing entry in the RIB
Authentication parameters must match
Multiple L3 links between LDP devices
LDP Neighborship Negotiation
Verifying LDP Neighborship
Reachability and ACL verification
• Verify that no ACL in the path is blocking TCP port 646 or the multicast traffic used for LDP
hellos.
PE1#telnet 192.168.11.11 646 /source-interface lo0
Trying 192.168.11.11, 646 ...
% Destination unreachable; gateway or host down
Verify ACLs in the path or on the routers themselves
LDP Router-id
• If the router-id is not set manually, the router checks all operational interfaces on the
router (including loopbacks) and chooses the highest IP address as the LDP
router-id.
• LDP_ID should be hardcoded via
• “mpls ldp router-id <interface>”
• The above configuration will not help unless:
• <interface> is UP when LDP gets started
• Existing LDP_ID (usually an interface) is shut
Verifying LDP Connection
Problem with xmit / recv
PE1 (Lo0=192.168.1.1)   P1 (Lo0=192.168.11.11)
LDP No Route Problem
PE1 (Lo0=192.168.1.1)   P1 (Lo0=192.168.11.11)
Problem due to Summarization
PE1 P1
PE1#show mpls ldp neighbor 192.168.11.11
PE2#sh mpls ldp neighbor 192.168.1.1
MPLS LDP Trace on IOS XR
Also good to check “show mpls ldp trace discovery”
0/0/CPU0 t1 [PEER]:506: VRF(0x60000000): Peer(192.168.11.11:0): Peer FSM: Stepped, pp=0x102d9548, event=0, state 0 -> 1
0/0/CPU0 t1 [PEER]:3262: VRF(0x60000000): Release Peer(192.168.11.11:0): rsn 'TCP connection closed' ('Success')
0/0/CPU0 t1 [PEER]:3625: Peer(192.168.11.11:0): Unsupported/Unknown TLV (type 0x506, U/F 1/0) rcvd in INIT msg
0/0/CPU0 t1 [PEER]:506: VRF(0x60000000): Peer(192.168.11.11:0): Peer FSM: Stepped, pp=0x102d9520, event=0, state 0 -> 1
0/0/CPU0 t1 [PEER]:3625: Peer(192.168.11.11:0): Unsupported/Unknown TLV (type 0x506, U/F 1/0) rcvd in INIT msg
LDP & IGP Sync
• When a link comes up, LDP and IGP compete to converge; labeled traffic drops
if IGP wins.
• When the LDP session on a link drops, IGP may continue forwarding labeled traffic
to that link and cause traffic to be dropped.
LDP & IGP Sync – Solution
• Link up:
• If the LDP peer is reachable (alternate route exists), defer IGP adjacency on the link.
• If the LDP peer is not reachable (no alternate route), IGP advertises max-metric to reach
the neighbor through the link.
• LDP session down:
• IGP advertises max-metric to reach the neighbor through the link.
LDP Session Protection
• Problem:
I. When a link flaps (for a short time),
II. LDP hello adjacency over the link flaps
III. LDP session is torn down then set up again
IV. LDP re-exchanges label bindings when the LDP session is set up (i.e. LDP
re-convergence).
• Solution:
• When the LDP session supported by the link hello is set up, create a targeted hello to
protect the session.
• When the link is down, the targeted hello remains through another path and keeps
the LDP session up.
• When the link restores, re-discover neighbors, re-program forwarding.
Case Study - 1
• 3 routing processes between R1 and R2
• Lo0 defined as the LDP router-id on both routers
• LDP adjacency is formed just across one link, down on other two
[Diagram: R1 (192.168.1.1) and R2 (192.168.2.2) joined by three links, 10.12.2.0/24, 10.12.1.0/24 and 10.12.3.0/24; diagram labels: IP RAN, CORE]
R1#show mpls ldp neighbor
Peer LDP Ident: 192.168.2.2:0; Local LDP Ident 192.168.1.1:0
TCP connection: 10.12.3.2.646 - 192.168.1.1.18418
State: Oper; Msgs sent/rcvd: 31/32; Downstream
Up time: 00:19:22
LDP discovery sources:
GigabitEthernet4, Src IP addr: 10.12.3.2
Addresses bound to peer LDP Ident:
10.255.0.85 10.12.1.2 10.12.2.2 10.12.3.2 192.168.2.2
*Jun 9 03:37:39.492: ldp: Opening listen port 646 for 192.168.2.2 (for hellos from 10.12.2.2)
*Jun 9 03:38:36.470: ldp: adj match for listen record
*Jun 9 03:38:36.470: ldp: lsn_closing is TRUE, adj was found for listen record
*Jun 9 03:38:36.470: ldp: removing/restarting errored listen socket (h_adj:192.168.2.2:0)
*Jun 9 03:38:36.470: ldp: {ldp listen 0.0.0.0:646=>192.168.2.2:0}: Delete listen TCB; tcb 0x7F1D2AD30548 [key 3090]; addr 192.168.2.2
*Jun 9 03:38:36.470: ldp: Unregistered from LDP TCB database tcb 0x7F1D2AD30548 [key 3090], total 1
Case Study - 1
• Verify the TCP connection – You will find the clue
• Router-ID is configured with Lo0 (forced)
• If one of the interfaces is configured with “mpls ldp discovery transport-address interface”,
then this behavior can be noticed.
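The check this case study describes (compare the TCP connection endpoint with the peer's LDP router-id, and count which links carry a hello adjacency), automated in Python as an added example that is not part of the original slides. The sample text is the `show mpls ldp neighbor` output from the slide above; the function names and the single-neighbor assumption are mine.

```python
import ipaddress
import re

# Output copied from the case study slide (R1#show mpls ldp neighbor).
SAMPLE = """\
Peer LDP Ident: 192.168.2.2:0; Local LDP Ident 192.168.1.1:0
TCP connection: 10.12.3.2.646 - 192.168.1.1.18418
State: Oper; Msgs sent/rcvd: 31/32; Downstream
Up time: 00:19:22
LDP discovery sources:
GigabitEthernet4, Src IP addr: 10.12.3.2
Addresses bound to peer LDP Ident:
10.255.0.85 10.12.1.2 10.12.2.2 10.12.3.2 192.168.2.2
"""

# The three R1-R2 links drawn in the case study diagram.
EXPECTED_LINKS = ["10.12.1.0/24", "10.12.2.0/24", "10.12.3.0/24"]

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"


def parse_neighbor(text):
    """Parse one neighbor entry (assumes the text holds a single peer)."""
    ident = re.search(
        rf"Peer LDP Ident:\s*({IPV4}):\d+;\s*Local LDP Ident:?\s*({IPV4}):\d+", text)
    # IOS prints the peer endpoint first, then the local endpoint.
    tcp = re.search(rf"TCP connection:\s*({IPV4})\.(\d+)\s*-\s*({IPV4})\.(\d+)", text)
    if not ident or not tcp:
        raise ValueError("not a 'show mpls ldp neighbor' entry")
    _, _, bound = text.partition("Addresses bound to peer LDP Ident:")
    return {
        "peer_id": ident.group(1),
        "local_id": ident.group(2),
        "tcp_peer": tcp.group(1),
        "tcp_peer_port": int(tcp.group(2)),
        "tcp_local": tcp.group(3),
        "tcp_local_port": int(tcp.group(4)),
        # interface name -> source address of the hellos received on it
        "discovery": dict(re.findall(rf"(\S+),\s*Src IP addr:\s*({IPV4})", text)),
        "bound": re.findall(IPV4, bound),
    }


def diagnose(neighbor, expected_links):
    """Return findings that point at a transport-address or discovery problem."""
    findings = []
    if neighbor["tcp_peer"] != neighbor["peer_id"]:
        findings.append(
            f"peer transport address {neighbor['tcp_peer']} differs from "
            f"its LDP router-id {neighbor['peer_id']}")
    if neighbor["tcp_local"] != neighbor["local_id"]:
        findings.append(
            f"local transport address {neighbor['tcp_local']} differs from "
            f"the local LDP router-id {neighbor['local_id']}")
    sources = [ipaddress.ip_address(a) for a in neighbor["discovery"].values()]
    for link in map(ipaddress.ip_network, expected_links):
        if not any(src in link for src in sources):
            findings.append(f"no LDP hello adjacency on {link}")
    return findings


if __name__ == "__main__":
    for finding in diagnose(parse_neighbor(SAMPLE), EXPECTED_LINKS):
        print(finding)
```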
Troubleshooting LSP Issues
Troubleshooting MPLS LSP
Reasons for LSP to Break
MP-IBGP – VPNv4
LDP + IGP
172.16.11.0/24 10.1.111.0/24 10.1.211.0/24 172.16.22.0/24
Label Information Base (LIB)
• Remote Binding:
• Prefix + remote label received from LDP neighbor
• Holds LDP router-id
• One binding per LDP neighbor
• LIB stores all labels from all LDP (BGP) neighbors, even the ones that are not
used for packet forwarding (now)
Looking at the LIB
RTR#show mpls ldp bindings detail
tib entry: 10.1.1.0/30, rev 10
local binding: tag: imp-null
Advertised to:
10.1.2.2:0 10.1.2.6:0 10.1.2.4:0
remote binding: tsr: 10.1.2.2:0, tag: imp-null
remote binding: tsr: 10.1.2.6:0, tag: 12304
remote binding: tsr: 10.1.2.4:0, tag: 12305
Label Forwarding Information Base (LFIB)
• The LFIB stores local and remote labels for prefixes that are used to forward
packets
• Prefixes that are used = prefixes in routing table (RIB)
• Labels are derived from LIB
[Diagram: LDP / TDP feeds the LIB (prefix, LDP Ident, label). The RIB (prefix, next-hop) passes prefix + next-hop to the LFIB. The LFIB gets the in- and out-label for (prefix, next-hop) from the LIB and stores (prefix, next-hop, in-label, out-label).]
Building the LFIB
MPLS OAM
• Defined in RFC 4379
• LSP Ping and Traceroute provide ability to monitor MPLS Label Switched Paths
and quickly isolate MPLS forwarding problems.
• Two messages
• MPLS Echo Request: MPLS labeled IPv4 or IPv6 UDP packet
• MPLS Echo Reply: IPv4 or IPv6 UDP packet
LSP Ping (ping mpls . . . )
• Simple and efficient mechanism to detect data plane failures in MPLS LSPs
• Verify data plane against the control plane
• Sending “echo request” and receiving “echo reply”
• Verify that packets belonging to a FEC exit the LSP on the correct egress LSR
• Modelled after the well known IP ping and traceroute
• Ping verifies connectivity, traceroute verifies path
• LSP Ping/trace leave the LSR with the correct label stack for the LSP to be
tested
Packet Format
Sender’s Handle
Sequence Number
TLV …
• Version number: 1
• Message Type
• MPLS Echo Request
• MPLS Echo Reply
• Reply Mode
1 Do not reply
2 Reply via an IPv4/IPv6 UDP packet
3 Reply via an IPv4/IPv6 UDP packet with Router Alert
4 Reply via application level control channel
• Timestamp
• Time-of-day in seconds and microseconds
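The header fields listed above, packed and parsed in Python as an added example that is not part of the original slides. The byte layout, the message type numbers and the LDP IPv4 prefix sub-TLV follow RFC 4379 as I read it; the prefix 192.168.4.4/32 is taken from the deck's later traceroute command, the handle, sequence and timestamp values are constructed, and the function names are hypothetical.

```python
import ipaddress
import struct

# Fixed 32-byte header: version, global flags, message type, reply mode,
# return code, return subcode, sender's handle, sequence number,
# timestamp sent (sec, usec), timestamp received (sec, usec).
HEADER = struct.Struct("!HHBBBBIIIIII")
MESSAGE_TYPES = {1: "MPLS Echo Request", 2: "MPLS Echo Reply"}
REPLY_MODES = {1: "Do not reply",
               2: "Reply via an IPv4/IPv6 UDP packet",
               3: "Reply via an IPv4/IPv6 UDP packet with Router Alert",
               4: "Reply via application level control channel"}
TLV_TARGET_FEC_STACK = 1
SUBTLV_LDP_IPV4_PREFIX = 1


def _tlv(tlv_type, value):
    """Type (16 bits), length (16 bits), value padded to a 4-byte boundary."""
    return struct.pack("!HH", tlv_type, len(value)) + value + b"\x00" * (-len(value) % 4)


def _walk_tlvs(data):
    """Yield (type, value) pairs, rejecting lengths that overrun the buffer."""
    offset = 0
    while offset < len(data):
        if offset + 4 > len(data):
            raise ValueError("truncated TLV header")
        tlv_type, length = struct.unpack_from("!HH", data, offset)
        offset += 4
        if offset + length > len(data):
            raise ValueError("TLV length exceeds message")
        yield tlv_type, data[offset:offset + length]
        offset += length + (-length % 4)


def build_echo_request(prefix, handle, sequence, sent_sec, sent_usec, reply_mode=2):
    """Echo request for an LDP IPv4 FEC; the sender sets the return code to 0."""
    net = ipaddress.ip_network(prefix)
    fec = _tlv(SUBTLV_LDP_IPV4_PREFIX,
               net.network_address.packed + bytes([net.prefixlen]))
    header = HEADER.pack(1, 0, 1, reply_mode, 0, 0,
                         handle, sequence, sent_sec, sent_usec, 0, 0)
    return header + _tlv(TLV_TARGET_FEC_STACK, fec)


def parse_message(data):
    """Validate the header, walk the TLVs and decode LDP IPv4 FECs."""
    if len(data) < HEADER.size:
        raise ValueError("shorter than the 32-byte header")
    (version, _flags, msg_type, reply_mode, return_code, _subcode,
     handle, sequence, sent_sec, sent_usec, _rs, _ru) = HEADER.unpack_from(data)
    if version != 1:
        raise ValueError(f"unsupported version {version}")
    if msg_type not in MESSAGE_TYPES or reply_mode not in REPLY_MODES:
        raise ValueError("unknown message type or reply mode")
    has_fec_stack, fecs = False, []
    for tlv_type, value in _walk_tlvs(data[HEADER.size:]):
        if tlv_type != TLV_TARGET_FEC_STACK:
            continue
        has_fec_stack = True
        for sub_type, sub_value in _walk_tlvs(value):
            if sub_type == SUBTLV_LDP_IPV4_PREFIX and len(sub_value) == 5:
                fecs.append(f"{ipaddress.IPv4Address(sub_value[:4])}/{sub_value[4]}")
    if msg_type == 1 and not has_fec_stack:
        raise ValueError("echo request without a FEC Stack TLV")
    return {"message_type": MESSAGE_TYPES[msg_type],
            "reply_mode": REPLY_MODES[reply_mode],
            "return_code": return_code, "handle": handle, "sequence": sequence,
            "sent": (sent_sec, sent_usec), "fecs": fecs}


if __name__ == "__main__":
    # Constructed values for handle, sequence and timestamp.
    message = build_echo_request("192.168.4.4/32", 0x1234, 1, 1000, 500)
    print(message.hex())
    print(parse_message(message))
```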
Reply Modes
• Reply Mode – Do Not Reply
• This mode is useful for a keepalive application running at the remote end
• Such an application would trigger state changes if it does not receive
an LSP ping packet within a predefined time
• An MPLS echo request with “do not reply” may also be used by the receiving
router to log gaps in the sequence numbers and/or maintain delay/jitter statistics
• Reply Mode – Reply via an IPv4 UDP Packet
• The Reply via UDP packet implies that an IPv4 UDP packet should be sent in
reply to an MPLS echo request
• This will be the most common reply mode for simple LSP pings sent to
periodically poll the integrity of an LSP
• This is the default reply mode
• Reply Mode – Reply via an IPv4 UDP Packet with Router Alert
• In this mode when the destination router replies it appends a label of “1” to the
packet
• This forces all the intermediate routers, on the way back, to process switch the
reply
• This mode is CPU intensive and should generally be used if the reply fails for
“reply with IPv4 UDP packet”
• This mode is useful when we have inconsistency between IP and MPLS
Return Codes
Value  Meaning
0      The Error Code Is Contained in the Error Code TLV
6      Replying Router Is one of the “Downstream Routers”, and Its Mapping for this FEC on the Received Interface Is the Given Label
MPLS Echo Request
MPLS Ping (Operational Theory)
• We use the same label stack as used by the LSP, so the echo is switched
in-band along the LSP
• The IP header destination address field of the echo request is a 127/8 address
• An echo reply, which may or may not be labelled, has the egress interface IP
address as the source; destination IP address/port are copied from the
echo request’s source address/port
• Presence of the 127/8 address in the IP header destination address field causes
the packet to be consumed by any router trying to forward the packet using the
IP header
• In this case P1 would not forward the echo request to PE1 but rather consumes the
packet and sends a reply to PE2 accordingly
MPLS Ping Packet Capture
Operation
MPLS OAM Caveats
• For LSP ping we generate an MPLS echo request
• The payload includes the LDP/RSVP/L2 Circuit sub-TLV depending on the LSP
we use
• Echo request is appropriately labelled and sent out
• Ping mode: MPLS TTL = 255
• Traceroute mode: TTL = 1, 2, 3 etc.
• MPLS Echo Request always has FEC Stack TLV
• The LSP ping sender sets the return code to 0.
• The replying router would set it accordingly based on the table shown previously
TTL Field in Labels
• Only the TTL field in the label at the top of the stack counts
• The outgoing TTL value is only a function of the incoming TTL value
• Outgoing TTL is one less than incoming TTL
• If outgoing TTL = 0, packet is not forwarded (not even stripped and forwarded
as an IP packet)
• When an IP packet is first labelled, the TTL field is copied from the IP header to
the MPLS header (after being decremented by 1)
• When the label stack is removed, the outgoing TTL value is copied to the TTL
field in the IP header
• Unless MPLS TTL > IP TTL
Operation
• Receiving LSR checks that label stack of received packet matches with the
received FECs in FEC Stack
• MPLS Echo Reply is sent in response to MPLS Echo Request
– Destination IP address is source IP address of Echo Request
– IP TTL = 255
– Reply Mode: (You do not control if return packet is sent over IP or MPLS)
• IPv4
• IPv4 with Router Alert (IP Option)
– If over MPLS, then Router Alert Label as topmost label is added in the label stack
– Hardware forwarding bypassed; packet is sent to RP process level forwarding
Traceroute in MPLS Network
[Diagram: CE1 (172.16.1.1/32) - PE1 (192.168.1.1/32) - P1 - PE2 (192.168.2.2/32) - CE2 (172.16.2.2/32); interfaces labelled X and Y]
PE1
In Label  Prefix          Output Interface  Out Label
-         172.16.2.2/32   Y                 19 24008
16        172.16.1.1/32   X                 -
P1
In Label  Prefix          Output Interface  Out Label
22        192.168.1.1/32  X                 pop
19        192.168.2.2/32  Y                 pop
PE2
In Label  Prefix          Output Interface  Out Label
24008     172.16.2.2/32   Y                 -
-         172.16.1.1/32   X                 22 16
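[Figure: traceroute probe crossing the MPLS network. Callout: Aggregate Outgoing Label, IP Lookup done in CEF for VRF]
Packet 1: 172.16.2.2, TTL=2, UDP port 35678
Packet 2: Label 19, TTL=1 | Label 24008 | 172.16.2.2, TTL=1, UDP port 35678
Packet 3: Label 24008, TTL=255 | 172.16.2.2, TTL=255, ICMP TTL Exceeded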
MPLS Trace Hiding
• This command prohibits the copying of the TTL from the IP header to the MPLS
shim header and vice versa (TTL is set to 255)
• It should be configured on the routers that do the label imposition (LSR edge
routers), which are the PE routers.
• Providers like to use it so that the customers see the MPLS network as one hop
when tracerouting
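The TTL rules from the "TTL Field in Labels" slide combined with the trace hiding behaviour described above, as an added Python model that is not part of the original slides. It assumes the single-label R1 - R2 - R3 - R4 path from the fundamentals section with penultimate hop pop at R3; the function names are hypothetical.

```python
INGRESS = "R1"               # imposes the label
TRANSIT = ("R2", "R3")       # label switching routers; the last one does PHP
EGRESS = "R4"                # receives an IP packet after PHP


def probe(ip_ttl, propagate_ttl):
    """Return the node that answers a traceroute probe sent with this IP TTL."""
    # Ingress: ordinary IP hop first, then label imposition.
    ip_ttl -= 1
    if ip_ttl == 0:
        return INGRESS
    # With TTL propagation the decremented IP TTL is copied into the label;
    # with trace hiding the label TTL starts at 255 instead.
    label_ttl = ip_ttl if propagate_ttl else 255

    # Transit LSRs: only the top label's TTL is looked at and decremented.
    for lsr in TRANSIT:
        label_ttl -= 1
        if label_ttl == 0:
            return lsr          # outgoing TTL 0: the packet is not forwarded

    # Label removed at the penultimate hop: the label TTL is copied to the
    # IP header unless MPLS TTL > IP TTL.
    if label_ttl <= ip_ttl:
        ip_ttl = label_ttl

    # Egress: ordinary IP hop.
    ip_ttl -= 1
    if ip_ttl == 0:
        return EGRESS
    return "destination"


def traceroute(propagate_ttl, max_ttl=30):
    """Send probes with TTL 1, 2, 3 ... and list who answers each one."""
    answers = []
    for ttl in range(1, max_ttl + 1):
        answers.append(probe(ttl, propagate_ttl))
        if answers[-1] == "destination":
            break
    return answers


def hidden_hops():
    """Routers visible with TTL propagation but not with trace hiding."""
    hidden = traceroute(propagate_ttl=False)
    return [hop for hop in traceroute(propagate_ttl=True) if hop not in hidden]


if __name__ == "__main__":
    print("TTL propagated:", traceroute(True))
    print("trace hiding:  ", traceroute(False))
    print("hidden:        ", hidden_hops())
```

In this model the provider core collapses to the two edge routers once the label TTL starts at 255, because the "unless MPLS TTL > IP TTL" rule stops the large label TTL from overwriting the customer's IP TTL at the pop.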
MPLS Trace with no mpls ip propagate-ttl on PE routers
[Figure: traceroute probe crossing the MPLS network with TTL propagation disabled. Figure labels: Label 19, TTL=1; Label 24008; Label 24008, TTL=255; Aggregate Outgoing Label; "udp port 35678?"]
IP packets shown: 172.16.2.2, TTL=2, UDP port 35678, followed by 172.16.2.2, TTL=1, UDP port 35678 (three times)
Multipath MPLS Trace
[Diagram: R6 - R1, then two paths from R1 to R4, one through R2 and one through R3; diagram labels: 192.168.2.2/32, 192.168.3.3/32]
1. Echo Request
   SRC – 10.1.16.6
   DEST – 127.0.0.0
2. Echo Reply
   SRC – 10.1.16.1
   DEST – 10.1.16.6
   DS Mapping – 127.0.0.1
   24002 - 10.1.13.3
   DS Mapping – 127.0.0.0
   30002 - 10.1.12.2
3. Echo Request
   SRC – 10.1.16.6
   DEST – 127.0.0.0
4. Echo Reply
   SRC – 10.1.12.2
   DEST – 10.1.16.6
   DS Mapping – 127.0.0.0
   pop - 10.1.24.4
5. Echo Request
   SRC – 10.1.16.6
   DEST – 127.0.0.1
6. Echo Reply
   SRC – 10.1.13.3
   DEST – 10.1.16.6
   DS Mapping – 127.0.0.0
   pop - 10.1.34.4
PE1#traceroute mpls multipath ipv4 192.168.4.4/32
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
<snip>
Type escape sequence to abort.
LL!
Path 0 found,
output interface Gi0/1 nexthop 10.1.16.1
source 10.1.16.6 destination 127.0.0.1
0 10.1.16.6 10.1.16.1 MRU 1500 [Labels: 18 Exp: 0] multipaths 0
L 1 10.1.16.1 10.1.12.2 MRU 1500 [Labels: 30002 Exp: 0] ret code 8 multipaths 2
L 2 10.1.12.2 10.1.24.4 MRU 1500 [Labels: implicit-null Exp: 0] ret code 8 multipaths 1
! 3 10.1.24.4, ret code 3 multipaths 0
L!
Path 1 found,
output interface Gi0/1 nexthop 10.1.16.1
source 10.1.16.6 destination 127.0.0.0
0 10.1.16.6 10.1.16.1 MRU 1500 [Labels: 18 Exp: 0] multipaths 0
L 1 10.1.16.1 10.1.13.3 MRU 1500 [Labels: 24002 Exp: 0] ret code 8 multipaths 2
L 2 10.1.13.3 10.1.34.4 MRU 1500 [Labels: implicit-null Exp: 0] ret code 8 multipaths 1
! 3 10.1.34.4, ret code 3 multipaths 0
Paths (found/broken/unexplored) (2/0/0)
Echo Request (sent/fail) (5/0)
Echo Reply (received/timeout) (5/0)
Total Time Elapsed 192 ms
Demo - Multipath MPLS Trace
MPLS Forwarding Plane
With MPLS, the idea is to de-couple the forwarding from the IP header
The forwarding decision is based on the MPLS header, not the IP header
The above is true once the packet is inside the MPLS network
Forwarding is still based on the IP header at the edge where the packet first
enters the MPLS network
CEF must be configured on all the routers in an MPLS network.
CEF takes care of the crucial “recursion” and “resolution” operations
What happens when CEF disabled?
MPLS Forwarding Plane: Outgoing Labels
Untagged
• Convert the incoming MPLS packet to an IP packet and forward it.
Pop
• Pop the top label from the label stack present in an incoming MPLS packet
and forward it as an MPLS packet.
• If there was only one label in the stack, then forward it as an IP packet. SAME
as imp-null label.
Aggregate
• Convert the incoming MPLS packet to an IP packet and then do a FIB lookup
for it to find out the outgoing interface.
MPLS Forwarding Plane - Lookup
Three cases in the MPLS forwarding:
1) Label Imposition - IP to MPLS conversion
2) Label swapping - MPLS to MPLS
3) Label disposition - MPLS to IP conversion
Troubleshooting MPLS LSP
MPLS Forwarding Plane: Loadsharing
MPLS Loadsharing (due to multiple paths to a prefix) is no different from that of
IP
The hashing algorithm is still the typical ‘FIB-based’ one, i.e. per-destination load sharing by default **
So the “show commands” are still relevant
• “show ip cef exact-route <source> <dest>” etc.
But the <dest> must be known in the FIB table, otherwise the command won’t work.
• Won’t work on P routers for the VPN prefixes.
Troubleshooting MPLS LSP
MPLS Forwarding Plane: MTU Setting
• “mpls mtu <bytes>” can be applied to an interface to change the
MPLS MTU size on the interface
• MPLS MTU size is checked by the router
• while converting an IP packet into a labeled packet or transmitting a labeled packet
• Label imposition increases the packet size by 4 bytes per label, so the outgoing packet size may exceed the interface MTU size, hence the need to tune the MTU
• The “mpls mtu <bytes>” command has no effect on the interface or IP MTU size.
• By default, MPLS MTU = interface MTU
• MPLS MTU setting doesn’t affect MTU handling for IP-to-IP packet switching
Troubleshooting MPLS LSP
MPLS Forwarding Plane: MTU Setting
Troubleshooting MPLS LSP
MPLS Forwarding Plane: Show Commands
“show mpls forwarding”
• Shows all LFIB entries (vpn, non-vpn, TE etc.)
“show mpls forwarding <prefix>”
LFIB lookup based on a prefix
Troubleshooting MPLS LSP
MPLS Forwarding Plane: Show Commands
R2#show mpls forwarding 10.13.1.11 detail
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
45 51 10.13.1.11/32 0 Fa1/1/1 10.13.7.33
MAC/Encaps=14/18, MRU=1500, Tag Stack{51}
0003FD1C828100044E7548298847 00033000
No output feature configured
Per-packet load-sharing
R2#
Introduction to
MPLS Tunneling:
BGP Free Core
The Need for Intermediary Forwarding
• Providing transit connectivity to other Autonomous Systems requires that all
routers between BGP Edge (R1 & XR4) know how to forward packets to the
appropriate device.
• Typically all devices participate with BGP
• The exception is redistributing routes on the edge (R1 & XR4) to the IGP
• Doesn’t scale well on the Internet (600K+ Routes)
[Topology: CE6 (AS 600), R1, R2, XR3, XR4 (AS 100), CE7 (AS 700); a "?" marks the routers between R1 and XR4]
The Use of Tunnels
An alternate solution could use tunnels on intermediary routers to get connectivity
between Internet Edge routers.
• The problems with most tunnels:
• Adds significant packet overhead
• Requires configuration of encapsulating and decapsulating interfaces
• Doesn’t scale well.
MPLS: An Alternative View to Tunnels
MPLS can provide tunnel functionality.
• Doesn’t require configuring encapsulating/decapsulating interfaces.
• Scalable as additional Edge devices can be added without configuring other
devices in it.
• Packets are forwarded by the endpoint FEC
BGP Free Core with MPLS
Configuration Requirements
A FEC must exist for the next-hop in the BGP table
R1#show ip bgp | b Network
Network Next Hop Metric LocPrf Weight Path
* 100.64.6.0/24 172.16.16.6 0 0 600 ?
* i 100.64.7.0/24 192.168.4.4 0 100 0 700 ?
* 172.16.16.0/24 172.16.16.6 0 0 600 ?
* i 172.16.47.0/24 192.168.4.4 0 100 0 700 ?
BGP Free Core with MPLS
A FEC must exist for the next-hop in the BGP table
R1#show mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
100 Pop Label 192.168.2.2/32 0 Gi0/1 10.12.1.2
102 Pop Label 10.23.1.0/24 0 Gi0/1 10.12.1.2
104 202 192.168.3.3/32 0 Gi0/1 10.12.1.2
105 203 10.34.1.0/24 0 Gi0/1 10.12.1.2
106 204 192.168.4.4/32 0 Gi0/1 10.12.1.2
BGP Free Core Configuration
Configuration
IOS / IOS XE
interface GigabitEthernet 0/1
 mpls ip
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
 network 192.168.0.0 0.0.255.255 area 0
router bgp 100
 neighbor 172.16.16.6 remote-as 600
 neighbor 192.168.4.4 remote-as 100
 neighbor 192.168.4.4 next-hop-self
NX-OS
mpls ldp configuration
 router-id Lo0
interface Ethernet2/1
 mpls ip
 ip address 10.25.1.5/24
 ip router ospf NXOS area 0.0.0.0
router bgp 100
 address-family ipv4 unicast
 neighbor 172.16.16.6 remote-as 600
  address-family ipv4 unicast
 neighbor 192.168.4.4
  remote-as 100
  update-source loopback0
  address-family ipv4 unicast
   next-hop-self
BGP Free Core Configuration
Configuration IOS XR
Verifying a BGP Free Core
CE6#trace 100.64.7.7
Type escape sequence to abort.
Tracing the route to 100.64.7.7
VRF info: (vrf in name/id, vrf out name/id)
1 172.16.16.1 6 msec 3 msec 3 msec
2 10.12.1.2 [MPLS: Label 204 Exp 0] 10 msec 9 msec 8 msec
3 10.23.1.3 [MPLS: Label 24005 Exp 0] 8 msec 8 msec 8 msec
4 10.34.1.4 8 msec 10 msec 9 msec
5 172.16.47.7 [AS 700] 10 msec * 10 msec
Confirming the labels
R1#show mpls forwarding-table | i 204|ing|witch
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
106 204 192.168.4.4/32 0 Gi0/1 10.12.1.2
MPLS Labels Case
Study
MPLS Labels Case Study
Case Study – MPLS Traffic Not Forwarded
• Customer reported a traffic forwarding issue to the VRFs attached to a newly configured PE2 router
• The PE1 router has the VPN label which is being shared with the remote PE2
router
MP-IBGP – VPNv4
LDP + IGP
172.16.11.0/24 10.1.14.0/24 10.1.24.0/24 172.16.22.0/24
MPLS Labels Case Study
Findings
• The MPLS PING failed
• MPLS Trace dropped on P-1 router
• “show mpls forwarding <PE2-loopback>” output shows “No Label” as the outgoing label
P-1# show mpls forwarding 192.168.3.3
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
17 No Label 192.168.3.3/32 476193 Et0/0 23.23.23.2
• Verified that LDP was enabled between the two routers but there were no bindings
MPLS Labels Case Study
Resolution
P-1(config)#no mpls ldp advertise-labels
P-1(config)#mpls ldp advertise-labels for LOOPBACK_ACL
• The P-1 router had an ACL to limit the allocation of labels for certain prefixes
• Sometimes, there are too many prefixes in the core due to which the labels get
exhausted
• To prevent such situations, LDP is configured to allocate labels for certain prefixes but
not all.
• PE2 loopback address was added in the ACL which fixed the problem
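A check for the failure found in this case study, as an added example (not from the original slides): it parses "show mpls forwarding-table" rows and flags PE loopbacks whose transport entry is unlabeled or missing, while ignoring VPN "[V]" rows where "No Label" toward the CE is expected. The function names, the one-line row format and all sample rows except P-1's label 17 entry are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in the one-line row format the slides show. The first data
# row is P-1's entry from the case study; the other rows are constructed.
SAMPLE_LFIB = """\
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
17 No Label 192.168.3.3/32 476193 Et0/0 23.23.23.2
18 Pop Label 192.168.2.2/32 0 Et0/1 10.1.24.2
19 24001 192.168.4.4/32 0 Et0/1 10.1.24.2
20 No Label 100.64.5.5/32[V] 1129814 Et0/2 172.16.15.5
"""

# One LFIB row: local label, outgoing label or action, prefix (optionally
# marked [V] for a VPN entry), byte counter, outgoing interface, next hop.
ROW = re.compile(
    r"^(?P<local>\d+)\s+"
    r"(?P<out>No Label|Pop Label|Pop tag|Untagged|Aggregate|\d+)\s+"
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)(?P<vpn>\[V\])?\s+"
    r"(?P<bytes>\d+)\s+(?P<intf>\S+)\s+(?P<nh>\S+)\s*$"
)

# Outgoing actions that remove the label stack and forward plain IP.
UNLABELED = {"No Label", "Untagged"}


def parse_lfib(text):
    """Return one dict per LFIB row; header and unparsable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        entries.append({
            "local": int(m["local"]),
            "out": m["out"],
            "prefix": ipaddress.ip_network(m["prefix"]),
            "vpn": m["vpn"] is not None,
            "bytes": int(m["bytes"]),
            "interface": m["intf"],
            "next_hop": m["nh"],
        })
    return entries


def unlabeled_transport(entries, pe_loopbacks):
    """Transport (non-VPN) entries for PE loopbacks with no outgoing label."""
    wanted = {ipaddress.ip_network(p) for p in pe_loopbacks}
    return [e for e in entries
            if not e["vpn"] and e["prefix"] in wanted and e["out"] in UNLABELED]


def missing_fecs(entries, pe_loopbacks):
    """PE loopbacks that have no transport entry in the LFIB at all."""
    present = {e["prefix"] for e in entries if not e["vpn"]}
    return [str(ipaddress.ip_network(p)) for p in pe_loopbacks
            if ipaddress.ip_network(p) not in present]


def audit(text, pe_loopbacks):
    """Summarise both failure modes for a list of PE loopbacks."""
    entries = parse_lfib(text)
    return {
        "unlabeled": [str(e["prefix"]) for e in unlabeled_transport(entries, pe_loopbacks)],
        "missing": missing_fecs(entries, pe_loopbacks),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_LFIB, ["192.168.3.3", "192.168.4.4", "192.168.9.9"]))
```

A non-zero byte counter on an unlabeled PE loopback entry, as in P-1's row, means labeled traffic is already being stripped at that hop.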
MPLS Labels Case Study
Label Filtering
• LDP sets up LSPs to carry VPN traffic from PE to PE.
• VPN traffic is always destined to PE’s loopback address.
• Only label bindings for those prefixes will be useful in such a scenario.
• IOS / IOS-XE
• Outbound Label Filtering
• IOS-XR
• Local Label Allocation Filtering
• Outbound Label Filtering
• NX-OS
• Inbound Label Filtering
• Outbound Label Filtering
• Local Label Allocation Filtering
MPLS Labels Case Study
Label Filtering
• Local label allocation filtering
• LDP allocates local labels for IGP /32 prefixes (by default)
• Can be configured to allocate labels for all or certain prefixes
• LDP accepts and keeps remote labels even if no local labels exist
MPLS Labels Case Study
Label Filtering Configuration – NX-OS
• Inbound label filtering
NX-OS(config-ldp)# neighbor 10.0.0.22 labels accept ?
WORD Name of prefix list
Troubleshooting
MPLS L3 VPNs
Troubleshooting MPLS L3 VPNs
Nodes and their Roles
• PE – Provider Edge router, connects to P and CE routers
• Maintains separate routing table per VRF
• Uses MP-BGP to exchange VRF routing information (RD + RT)
• Performs LFIB and FIB lookups, label imposition and disposition
• Exchanges IGP and LDP labels with the core
Troubleshooting MPLS L3 VPNs
IP Addressing Concerns
[Figure: Customer A Site 1 (CE1, 172.16.1.0/24) and Site 2 (CE3, 172.16.3.0/24); Customer B Site 1 (CE2, 172.16.2.0/24) and Site 2 (CE4, 172.16.4.0/24); PE1]
Troubleshooting MPLS L3 VPNs
Isolation Through the Use of VRFs
[Figure labels: Customer A Site 1, 172.16.1.0/24; Customer A Site 2, 172.16.3.0/24; PE1]
Troubleshooting MPLS L3 VPNs
VRF Overview
• VRF = VPN Routing Forwarding instance
• Isolated routing table, kind of like a VM
• Easiest to think of each VRF like a different physical box
• Interfaces are assigned to a VRF
[Figure labels: Customer Network, vrf, PE, global, ISP mpls]
Troubleshooting MPLS L3 VPNs
VRF Overview
Because each RIB is isolated, overlapping addresses are allowed
VRF-aware features add “vrf <name>” to commands
Commands without VRF keyword reference the global RIB
e0
 ip vrf forwarding red
 ip address 1.1.1.1/24
e1
 ip vrf forwarding red
 ip address 2.2.2.2/24
e2
 ip address 1.1.1.1/24
Troubleshooting MPLS L3 VPNs
L3VPN by Parts
The Edge:
• Any routing protocol between the PE and CE
The Core:
• BGP between PEs
• LDP
• IGP (mainly to get between PEs)
[Figure labels: CE, PE, P2, PE, CE; LDP + IGP]
Troubleshooting MPLS L3 VPNs
Visualizing Data Flow
[Figure labels: MP-EBGP; CE, PE, P2, PE, CE; 100, 20; 100.64.6.6]
Troubleshooting MPLS L3 VPNs
Visualizing Data Flow
[Figure labels: MP-EBGP; CE, PE, P2, PE, CE]
Troubleshooting MPLS L3 VPNs
MP-BGP: Address-Families
• Address-family (AFI) “vpnv4”, “ipv4 unicast vrf” introduced
• vpnv4 AFI for PE to PE (label information)
Troubleshooting MPLS L3 VPNs
RTs and RDs: Creating the VRF
Troubleshooting MPLS L3 VPNs
Understanding the RT
• Route Target
• RT is a BGP extended community (extra information on the update)
• “route-target export” adds the community to the outbound update
• “route-target import” defines which routes to bring into the VRF
• Multiple imports and exports allowed
ip vrf red
 rd 1:1
 route-target import 100:100
 route-target import 200:200
 route-target export 201:201
 route-target export 44:313
Troubleshooting MPLS L3 VPNs
Understanding RDs
• Route Distinguisher
• There is only one VPNv4 table
• How are routes distinguished from one another?
• Prepending the RD to the route creates a VPNv4 route
• Only used to make routes unique VPNv4 prefixes
Troubleshooting MPLS L3 VPNs
RT in Action
ip vrf red
rd 1:1
route-target import 100:100
route-target export 201:201
BGP Updates:
66:66:2.2.2.0/24 RT: 100:100
55:55:1.1.1.0/24 RT: 201:201
44:44:3.3.3.0/24 RT: 100:100
VRF Red RIB:
2.2.2.0/24
3.3.3.0/24
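The RD and RT behaviour from the last three slides, as an added example (not from the original slides): a small model of how a PE turns a VRF prefix into a VPNv4 route on export and decides on import whether an update enters a VRF RIB, run on the "RT in Action" values. The class and function names are assumptions, and the rt_filter flag models the default behaviour of a PE discarding VPNv4 updates that no local VRF imports.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Vpnv4Route:
    rd: str          # route distinguisher, e.g. "66:66"
    prefix: str      # IPv4 prefix carried inside the VPNv4 NLRI
    rts: frozenset   # route-target extended communities on the update

    @property
    def nlri(self):
        # The RD is prepended to the prefix; it only makes the route unique.
        return f"{self.rd}:{self.prefix}"


@dataclass
class Vrf:
    name: str
    rd: str
    import_rts: frozenset
    export_rts: frozenset
    rib: dict = field(default_factory=dict)  # prefix -> RD it was imported from

    def export(self, prefix):
        """Build the VPNv4 route advertised for a prefix in this VRF."""
        return Vpnv4Route(self.rd, prefix, self.export_rts)

    def try_import(self, route):
        """Install the route only if it carries at least one imported RT."""
        if self.import_rts & route.rts:
            self.rib[route.prefix] = route.rd
            return True
        return False


def receive(update, vrfs, rt_filter=True):
    """Process one VPNv4 update on a router holding the given VRFs."""
    importers = []
    for vrf in vrfs:
        if vrf.try_import(update):
            importers.append(vrf.name)
    if importers:
        return "imported:" + ",".join(importers)
    # No local VRF wants it: a PE drops it, a router with the RT filter
    # disabled (route reflector, Inter-AS ASBR) keeps it in the VPNv4 table.
    return "denied" if rt_filter else "kept-in-vpnv4-table"


def vpnv4_table(routes):
    """The single VPNv4 table, keyed by RD:prefix."""
    return {r.nlri: r for r in routes}


# Values taken from the "RT in Action" slide.
UPDATES = [
    Vpnv4Route("66:66", "2.2.2.0/24", frozenset({"100:100"})),
    Vpnv4Route("55:55", "1.1.1.0/24", frozenset({"201:201"})),
    Vpnv4Route("44:44", "3.3.3.0/24", frozenset({"100:100"})),
]


def rt_in_action():
    red = Vrf("red", "1:1", frozenset({"100:100"}), frozenset({"201:201"}))
    results = [receive(u, [red]) for u in UPDATES]
    return red, results


if __name__ == "__main__":
    red, results = rt_in_action()
    for update, result in zip(UPDATES, results):
        print(update.nlri, sorted(update.rts), "->", result)
    print("VRF red RIB:", sorted(red.rib))
```

VRF red exports 201:201 but does not import it, so the 55:55:1.1.1.0/24 update never reaches its RIB; RT import lists are what keep one customer's routes out of another VRF.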
Troubleshooting MPLS L3 VPNs
vrf definition VPN01
rd 200:1
route-target export 200:1
RD
Prefix
Route Target
Troubleshooting MPLS L3 VPNs
Example Topology
AS500 AS200 AS500
MP-EBGP
Troubleshooting MPLS L3 VPNs
Troubleshooting CE to PE
AS500 AS200 AS500
MP-EBGP
CE PE
• Check Local PE for receipt of local CE Routes
• Check Remote PE for receipt of remote CE routes
• Can the CE ping the PE?
Troubleshooting MPLS L3 VPNs
Troubleshooting PE to CE
AS500 AS200 AS500
MP-EBGP
CE PE
• Check Local PE for receipt of remote CE Routes
• Check Remote CE for receipt of local CE routes
• Can the PE ping the CE?
Troubleshooting MPLS L3 VPNs
Checking the PE VRF Routing Table
R1#show ip route vrf VPN01 | b Gateway
Gateway of last resort is not set
Troubleshooting MPLS L3 VPNs
Troubleshooting Control Plane
AS500 AS200 AS500
MP-EBGP
PE PE (or PE RR)
• Check the LSP path between PE routers
• Check for route exchange
• If routes are missing, did you check the export RT vs. the import RT?
Troubleshooting MPLS L3 VPNs
Verify PE to PE LSP
R1#ping mpls ipv4 192.168.3.3 255.255.255.255
Sending 5, 100-byte MPLS Echos to 192.168.3.3/32,
timeout is 2 seconds, send interval is 0 msec:
Type escape sequence to abort.
.....
Success rate is 0 percent (0/5)
RP/0/0/CPU0:XR3(config)#mpls oam
RP/0/0/CPU0:XR3(config-oam)#commit
Troubleshooting MPLS L3 VPNs
Checking the PE VPNv4 Routing Table
R1#show bgp vpnv4 unicast all | b Network
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 200:1 (default for vrf VPN01)
*> 100.64.5.5/32 172.16.15.5 0 0 500 i
*>i 100.64.6.6/32 192.168.3.3 0 100 0 500 i
Troubleshooting MPLS L3 VPNs
Verifying VPN Label
R1#show bgp vpnv4 unicast vrf VPN01 100.64.5.5
BGP routing table entry for 200:1:100.64.5.5/32, version 2
Paths: (1 available, best #1, table VPN01)
Advertised to update-groups:
2
Refresh Epoch 1
500
172.16.15.5 (via vrf VPN01) from 172.16.15.5 (100.64.5.5)
Origin IGP, metric 0, localpref 100, valid, external, best
Extended Community: RT:200:1
mpls labels in/out 103/nolabel
rx pathid: 0, tx pathid: 0x0
Troubleshooting MPLS L3 VPNs
Verifying Remote VPN Label
RP/0/0/CPU0:XR3#show bgp vpnv4 unicast vrf VPN01 100.64.5.5
BGP routing table entry for 100.64.5.5/32, Route Distinguisher: 200:1
Versions:
Process bRIB/RIB SendTblVer
Speaker 4 4
Paths: (1 available, best #1)
Not advertised to any peer
500
192.168.1.1 (metric 3) from 192.168.1.1 (192.168.1.1)
Received Label 103    <- Remote VPN Label (slide callout)
Origin IGP, metric 0, localpref 100, valid, internal, best, group-best,
import-candidate, imported
Received Path ID 0, Local Path ID 1, version 4
Extended community: RT:200:1
Source AFI: VPNv4 Unicast, Source VRF: default, Source Route
Distinguisher: 200:1
Troubleshooting MPLS L3 VPNs
Verifying Labels (The Easy Way)
R1#show bgp vpnv4 unicast all labels
Network Next Hop In label/Out label
Route Distinguisher: 200:1 (VPN01)
100.64.5.5/32 172.16.15.5 103/nolabel
100.64.6.6/32 192.168.3.3 nolabel/33003
[Slide callouts: CE5, CE6 Route]
RP/0/0/CPU0:XR3#show bgp vpnv4 unicast labels | b Network
Network Next Hop Rcvd Label Local Label
Route Distinguisher: 200:1 (default for vrf VPN01)
*>i100.64.5.5/32 192.168.1.1 103 nolabel
*> 100.64.6.6/32 172.32.36.6 nolabel 33003
In Label represents local label and Rcvd/Out Label represents remote label
Troubleshooting MPLS L3 VPNs
Viewing the local VPN labels in the LFIB
R1#show mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
100 No Label 100.64.5.5/32[V] 1129814 Gi0/1 172.16.15.5
101 Pop Label 192.168.2.2/32 0 Gi0/2 10.12.1.2
102 Pop Label 10.23.1.0/24 0 Gi0/2 10.12.1.2
103 24001 192.168.3.3/32 0 Gi0/2 10.12.1.2
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
172.16.15.1 4 200 158 157 2 0 0 02:18:27 0
[Slide callout: Why?]
Troubleshooting MPLS L3 VPNs
CE Routing Tables
AS500 AS200 AS500
MP-EBGP
---
CE6#show bgp sum
BGP router identifier 100.64.6.6, local AS number 500
Troubleshooting MPLS L3 VPNs
Deployment Tips and Tricks
R1
router bgp 200
 address-family ipv4 vrf VPN01
  redistribute connected
XR3
router bgp 200
 vrf VPN01
  address-family ipv4 unicast
   redistribute connected
Troubleshooting MPLS L3 VPNs
CE Routing Tables
[Topology labels: AS500, AS200, AS500; MP-EBGP; CE5, PE1, P2, PE3, CE6; 172.16.15.0/24, 10.12.1.0/24, 10.23.1.0/24, 172.32.36.0/24]
CE5#show ip route | b Gateway
Gateway of last resort is not set
 100.0.0.0/32 is subnetted, 1 subnets
C 100.64.5.5 is directly connected, Loopback0
 172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.15.0/24 is directly connected, GigabitEthernet0/1
L 172.16.15.5/32 is directly connected, GigabitEthernet0/1
 172.32.0.0/24 is subnetted, 1 subnets
B 172.32.36.0 [20/0] via 172.16.15.1, 00:01:04
---
Look at the topology, and think about what the problem can be?
CE5#ping 172.32.36.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.32.36.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/6/7 ms
Troubleshooting MPLS L3 VPNs
Fixing the BGP AS_Path Problem
Troubleshooting MPLS L3 VPNs
CE Routing Tables
AS500 AS200 AS500
MP-EBGP
---
CE5#ping 100.64.6.6 so lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.64.6.6, timeout is 2 seconds:
Packet sent with a source address of 100.64.5.5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/10/19 ms
Troubleshooting MPLS L3 VPNs
CE Routing Tables
AS500 AS200 AS500
MP-EBGP
Troubleshooting MPLS L3 VPNs
Route Reflectors
RR
AS500 AS200 AS500
Troubleshooting MPLS L3 VPNs
Route Reflectors
RR
AS500 AS500
Route Reflectors are used to solve problems with scale. When route reflectors are used, they need to be checked as part of the path of the VPNv4 route advertisement.
• A RR disables RT Filtering
• VRFs do not exist on the RR, so you cannot issue commands specific to a VRF
• Commands are based on RT and RD
Viewing MPLS L3 VPNs by RT
IOS-RR#config t
IOS-RR(config)#ip extcommunity-list 1 permit rt 200:1
IOS-RR(config)#exit
IOS-RR#show bgp vpnv4 unicast all extcommunity-list 1
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 200:1 (default for vrf VPN01)
*> 100.64.5.5/32 172.16.15.5 0 0 500 i
*>i 100.64.6.6/32 192.168.3.3 0 100 0 500 i
RP/0/0/CPU0:XR-RR#conf t
RP/0/0/CPU0:XR-RR(config)#route-policy RT
RP/0/0/CPU0:XR-RR(config-rpl)#if extcommunity rt matches-any ( 1:10) then
RP/0/0/CPU0:XR-RR(config-rpl)# pass endif
RP/0/0/CPU0:XR-RR(config-rpl)#end-policy
RP/0/0/CPU0:XR-RR(config)#commit
RP/0/0/CPU0:XR-RR(config)#end
RP/0/0/CPU0:XR-RR#show bgp vpnv4 unicast route-policy RT
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 200:1 (default for vrf VPN01)
*> 100.64.5.5/32 172.16.15.5 0 0 500 i
*>i 100.64.6.6/32 192.168.3.3 0 100 0 500 i
Live Troubleshooting Demo
Troubleshooting MPLS L3 VPNs
Route Reflectors
RR
AS500 AS500
Inter-AS VPN Topology
[Topology: RRs R3 and XR4; ASBRs R1 (192.168.1.1) and XR2 (192.168.2.2); PEs R5 and XR6; CEs R7 (AS 700, 100.64.7.7) and R8 (AS 700, 100.64.8.8)]
Inter-AS VPN Option A: Back to Back VRFs
[Figure labels: VRF VPN01, VRF VPN02; IPv4 + IGP/BGP; ASBR R1 (AS100), ASBR XR2 (AS200); VPN02]
Inter-AS VPN Option B1: ASBR to ASBR w/ Next-Hop-Self
[Figure labels: Next-Hop-Self on both ASBRs; MP-EBGP between the ASBRs]
*Jun 20 19:35:50.710: BGP: nbr_topo global 192.168.3.3 VPNv4 Unicast:base (0x110FC570:1) rcvd
Refresh Start-of-RIB
*Jun 20 19:35:50.711: BGP(4): 192.168.3.3 rcvd UPDATE w/ attr: nexthop 192.168.5.5, origin ?,
localpref 100, metric 0, originator 192.168.5.5, clusterlist 192.168.3.3, merged path 700, AS_PATH
, extended community RT:100:1
*Jun 20 19:35:50.714: BGP(4): 192.168.3.3 rcvd 100:1:100.64.7.0/24, label 5003 - DENIED due to:
extended community not supported;
Inter-AS VPN Option B1: ASBR to ASBR w/ Next-Hop-Self
[Figure labels: RRs R3 and XR4; ASBR R1 (192.168.1.1, AS100) and ASBR XR2 (192.168.2.2, AS200); MP-EBGP; VPN02; PEs R5 and XR6; CEs R7 (AS 700, 100.64.7.7) and R8 (AS 700, 100.64.8.8)]
interface GigabitEthernet0/2
 ip address 172.16.12.1 255.255.255.0
 mpls bgp forwarding
!
router bgp 100
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 no bgp default route-target filter
 neighbor 172.16.12.2 remote-as 200
 neighbor 192.168.3.3 remote-as 100
 neighbor 192.168.3.3 update-source Loopback0
 !
 address-family vpnv4
  neighbor 172.16.12.2 activate
  neighbor 172.16.12.2 send-community extended
  neighbor 192.168.3.3 activate
  neighbor 192.168.3.3 send-community extended
  neighbor 192.168.3.3 next-hop-self
Inter-AS MPLS VPNs
Problems with Route Installation: Checking on the RRs
R3#show bgp vpnv4 unicast all | b Netw
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1
*>i 100.64.7.0/24 192.168.5.5 0 100 0 700 ?
*>i 172.16.57.0/24 192.168.5.5 0 100 0 ?
Route Distinguisher: 200:1
*>i 100.64.8.8/32 192.168.1.1 0 100 0 200 700 ?
*>i 172.32.68.0/24 192.168.1.1 0 100 0 200 ?
Inter-AS MPLS VPNs
Problems with Route Installation: Solution 1 – Additional Import Statements
Inter-AS MPLS VPNs
Problems with Route Installation: Solution 2 – Route Target ReWrite on ASBRs
Inter-AS VPN Option B1: ASBR to ASBR w/ Next-Hop-Self
[Figure labels: RRs R3 and XR4; ASBRs 192.168.1.1 and 192.168.2.2; MP-EBGP; PEs R5 and XR6; CEs R7 (AS 700, 100.64.7.7) and R8 (AS 700, 100.64.8.8)]
router static
 address-family ipv4 unicast
  172.16.12.1/32 GigabitEthernet0/0/0/1
Inter-AS VPN Option B1: ASBR to ASBR w/ Next-Hop-Self
[Figure labels: RRs R3 and XR4; ASBRs 192.168.1.1 and 192.168.2.2; MP-EBGP; PEs R5 and XR6; CEs R7 (AS 700, 100.64.7.7) and R8 (AS 700, 100.64.8.8)]
CE7#trace 100.64.8.8
Type escape sequence to abort.
Tracing the route to 100.64.8.8
VRF info: (vrf in name/id, vrf out name/id)
1 172.16.57.5 3 msec 2 msec 3 msec
2 10.15.1.1 [MPLS: Label 204 Exp 0] 33 msec 17 msec 16 msec
3 172.16.12.2 [MPLS: Label 24003 Exp 0] 16 msec 18 msec 14 msec
4 10.26.1.6 [MPLS: Label 60003 Exp 0] 17 msec 15 msec 16 msec
5 172.32.68.8 [AS 200] 16 msec * 18 msec
Inter-AS VPN Option B2: Advertise Peering Link
[Figure labels: Redistribute Connected; Redistribute Static Route; MP-EBGP between the ASBRs 192.168.1.1 and 192.168.2.2; RRs R3 and XR4; PEs R5 and XR6]
[Figure labels: MP-EBGP; PE & RR Labels; ASBR R1 (AS100), ASBR XR2 (AS200); VPN02; v1 172.16.1.1; PEs R5 and XR6; CEs R7 (AS 700, 100.64.7.7) and R8 (AS 700, 100.64.8.8)]
Inter-AS VPN: Examining the MPLS FECs
[Figure labels: four "Check MPLS Forwarding Table" callouts; RRs R3 and XR4; ASBR R1 (192.168.1.1, AS100) and ASBR XR2 (192.168.2.2, AS200); IPv4 + IGP/BGP; VPN02; PEs R5 and XR6]
[Figure labels: Service Provider 1; CE, CE; Customer, Customer]
Carrier Supporting Carrier (CSC) Roles
[Topology: Backbone Carrier with CSC-PE R1 and CSC-PE XR2; Customer Carrier with CSC-CE R3, CSC-CE XR4, PE R5 and PE XR6; CE R7 (AS 700) and CE R8 (AS 800)]
CSC is not running MPLS inside its POP Sites
[Figure labels: MP-IBGP; LDP + IGP; LDP + IGP or Labeled BGP; IBGP + RR Client; IBGP; EBGP; Customer Carrier; routers R1, XR2, R3, XR4, R5, XR6; CEs in AS 700 and AS 800]
interface GigabitEthernet0/1
 description to R3
 vrf forwarding CORE
CE7#trace 100.64.8.8
Type escape sequence to abort.
Tracing the route to 100.64.8.8
VRF info: (vrf in name/id, vrf out name/id)
1 172.16.57.5 3 msec 3 msec 3 msec
2 172.16.35.3 [AS 200] [MPLS: Label 3005 Exp 0] 16 msec 18 msec 15 msec
3 172.16.13.1 [MPLS: Label 112 Exp 0] 16 msec 16 msec 16 msec
4 10.12.1.2 [MPLS: Label 24009 Exp 0] 14 msec 16 msec 16 msec
5 172.32.24.4 [MPLS: Label 44005 Exp 0] 14 msec 14 msec 16 msec
6 172.32.46.6 [AS 200] 15 msec 15 msec 16 msec
7 172.32.68.8 [AS 200] 16 msec * 19 msec
CSC is running MPLS inside its POP Sites
[Figure labels: MP-IBGP; LDP + IGP; LDP + IGP or Labeled BGP; Customer Carrier; IGP, LDP; IBGP between R5 and XR6; EBGP; routers R1, XR2, R3, XR4, R5, XR6; CEs in AS 700 and AS 800]
CE7#trace 100.64.8.8
Type escape sequence to abort.
Tracing the route to 100.64.8.8
VRF info: (vrf in name/id, vrf out name/id)
1 172.16.57.5 3 msec 3 msec 3 msec
2 172.16.35.3 [AS 200] [MPLS: Label 3005 Exp 0] 16 msec 18 msec 15 msec
3 172.16.13.1 [MPLS: Label 112 Exp 0] 16 msec 16 msec 16 msec
4 10.12.1.2 [MPLS: Label 24009 Exp 0] 14 msec 16 msec 16 msec
5 172.32.24.4 [MPLS: Label 44005 Exp 0] 14 msec 14 msec 16 msec
6 172.32.46.6 [AS 200] 15 msec 15 msec 16 msec
7 172.32.68.8 [AS 200] 16 msec * 19 msec
CSC is running MPLS VPN inside its POP Sites
[Figure labels: MP-IBGP; LDP + IGP; LDP + IGP or Labeled BGP; Customer Carrier; IGP, LDP; MP-IBGP between R5 and XR6; EBGP; routers R1, XR2, R3, XR4, R5, XR6; CEs in AS 700 and AS 800]
CE7# trace 100.64.8.8 so lo0
Type escape sequence to abort.
Tracing the route to 100.64.8.8
VRF info: (vrf in name/id, vrf out name/id)
1 172.16.57.5 5 msec 3 msec 4 msec
2 172.16.35.3 [MPLS: Labels 3005/60005 Exp 0] 18 msec 14 msec 24 msec
3 172.16.13.1 [MPLS: Labels 112/60005 Exp 0] 15 msec 15 msec 16 msec
4 10.12.1.2 [MPLS: Labels 24009/60005 Exp 0] 14 msec 12 msec 18 msec
5 172.32.24.4 [MPLS: Labels 44005/60005 Exp 0] 21 msec 23 msec 22 msec
[Slide callouts: Backbone Carrier Forwarding Label; Customer Carrier VPN Label]
Troubleshooting
IPv6 VPNs
Troubleshooting 6VPE
Reference Topology
IPv4 – 192.168.1.1/32
IPv6 – 2001:DB8::1/128
AS 100
Service Provider Core
PE1 IPv4 – IGP
MPLS
IPv4 – 192.168.2.2/32
IPv6 – 2001:DB8::2/128
IPv4 – 192.168.5.5/32
IPv6 – 2001:DB8::6/128 IPv6 – 2001:DB8::7/128
IPv6 – 2001:DB8::5/128
Troubleshooting 6VPE
VRF Configuration
• IPv6-enabled VRFs are configured in the same way as IPv4 VRFs
• On Cisco IOS, use the command vrf definition to configure both IPv4- and IPv6-capable VRFs
IOS
vrf definition VPN01
 rd 1:1
 address-family ipv6 unicast
  route-target import 1:1
  route-target export 1:1
  route-target import 2:2
 address-family ipv4 unicast
 . . .
interface Gi0/0
 vrf forwarding VPN01
 ipv6 address xx:xx:xx::y/64
IOS XR
vrf VPN01
 address-family ipv6 unicast
  import route-target
   1:1
   2:2
  export route-target
   1:1
 address-family ipv4 unicast
 . . .
interface Gi0/0/0/0
 vrf VPN01
 ipv6 address xx:xx:xx::y/64
6VPE Configuration – Cisco IOS
router bgp 100
bgp router-id 192.168.1.1
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 192.168.4.4 remote-as 100
neighbor 192.168.4.4 update-source Loopback0
!
address-family vpnv6
neighbor 192.168.4.4 activate
neighbor 192.168.4.4 send-community extended
neighbor 192.168.4.4 next-hop-self
!
address-family ipv6 vrf red
neighbor 2001:DB8:0:16::6 remote-as 200
neighbor 2001:DB8:0:16::6 activate
exit-address-family
6VPE Configuration – IOS XR
router bgp 100
bgp router-id 192.168.2.2
address-family vpnv6 unicast
!
neighbor 192.168.4.4
remote-as 100
update-source Loopback0
address-family vpnv6 unicast
next-hop-self
!
vrf red
rd 100:1
address-family ipv6 unicast
!
neighbor 2001:db8:0:26::6
remote-as 200
address-family ipv6 unicast
route-policy pass in
route-policy pass out
Troubleshooting 6VPE
Verifying Control Plane
• Since the control plane and the data plane work in opposite directions, verify the IPv6 VPN prefix on PE5.
Troubleshooting 6VPE
Verifying Control Plane
• Verify the VPNv6 prefix in BGP along with the local label
Troubleshooting 6VPE
Verifying Control Plane
• The remote IOS PE, PE1, receives the VPNv6 prefix with an out label of 23.
Troubleshooting 6VPE
Verifying Control Plane
RP/0/0/CPU0:PE2#show bgp vpnv6 unicast vrf red 2001:db8::7/128
BGP routing table entry for 2001:db8::7/128, Route Distinguisher: 100:1
Last Modified: Feb 4 22:46:29.408 for 1d05h
Paths: (1 available, best #1)
Not advertised to any peer
Path #1: Received by speaker 0
Not advertised to any peer
300
192.168.5.5 (metric 3) from 192.168.4.4 (192.168.5.5)
Received Label 23
Origin IGP, metric 0, localpref 100, valid, internal, best, group-best,
import-candidate, imported
Received Path ID 0, Local Path ID 1, version 5
Extended community: RT:100:1
Originator: 192.168.5.5, Cluster list: 192.168.4.4
Source VRF: default, Source Route Distinguisher: 100:5
Troubleshooting 6VPE
Verifying Data Plane
Troubleshooting 6VPE
Verifying Data Plane on IOS XR
RP/0/0/CPU0:PE2#show cef vrf red ipv6 2001:db8::7/128
2001:db8::7/128, version 7, internal 0x5000001 0x0 (ptr 0xa140c5f4) [1],
0x0 (0x0), 0x208 (0xa14db230)
Updated Feb 4 22:46:29.731
Prefix Len 128, traffic index 0, precedence n/a, priority 3
via ::ffff:192.168.5.5, 3 dependencies, recursive [flags 0x6000]
path-idx 0 NHID 0x0 [0xa176b0bc 0x0]
recursion-via-/128
next hop VRF - 'default', table - 0xe0000000
next hop ::ffff:192.168.5.5 via ::ffff:192.168.5.5:0
next hop 10.1.24.4/32 Gi0/0/0/1 labels imposed {19 23}
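Added example (not part of the original slides): a Python check that the VPN label BGP received for the prefix is the inner label CEF imposes, using excerpts of the two PE2 outputs above. The function names are hypothetical, and STALE_CEF_OUTPUT is a constructed failure case.

```python
import re

# Excerpts of the two PE2 outputs shown on the slides above.
BGP_OUTPUT = """\
BGP routing table entry for 2001:db8::7/128, Route Distinguisher: 100:1
Path #1: Received by speaker 0
  300
    192.168.5.5 (metric 3) from 192.168.4.4 (192.168.5.5)
      Received Label 23
      Origin IGP, metric 0, localpref 100, valid, internal, best, group-best
"""
CEF_OUTPUT = """\
2001:db8::7/128, version 7, internal 0x5000001 0x0 (ptr 0xa140c5f4) [1],
 via ::ffff:192.168.5.5, 3 dependencies, recursive [flags 0x6000]
    next hop ::ffff:192.168.5.5 via ::ffff:192.168.5.5:0
     next hop 10.1.24.4/32 Gi0/0/0/1 labels imposed {19 23}
"""
# Constructed failure case: CEF still imposes a different VPN label (24).
STALE_CEF_OUTPUT = CEF_OUTPUT.replace("{19 23}", "{19 24}")

IPV4 = r"\d+(?:\.\d+){3}"


def parse_bgp_path(text):
    """Return (next_hop, vpn_label) of the path in the BGP output."""
    nh = re.search(rf"^\s*({IPV4}) \(metric \d+\) from {IPV4}", text, re.M)
    label = re.search(r"Received Label (\d+)", text)
    if nh is None or label is None:
        raise ValueError("no path with a received label in the BGP output")
    return nh.group(1), int(label.group(1))


def parse_cef_entry(text):
    """Return (recursive_next_hop, label_stack) from the CEF output.

    label_stack is outermost label first; it is empty if nothing is imposed.
    """
    via = re.search(rf"via ::ffff:({IPV4}),", text)
    stack = re.search(r"labels imposed \{([^}]*)\}", text)
    labels = stack.group(1).split() if stack else []
    return (via.group(1) if via else None), labels


def check_6vpe_prefix(bgp_text, cef_text):
    """Compare control plane (BGP) with data plane (CEF); return findings."""
    findings = []
    bgp_nh, vpn_label = parse_bgp_path(bgp_text)
    cef_nh, labels = parse_cef_entry(cef_text)
    if cef_nh != bgp_nh:
        findings.append(f"CEF recurses via {cef_nh}, BGP next hop is {bgp_nh}")
    if not labels:
        findings.append("CEF imposes no labels for the prefix")
    elif labels[-1] != str(vpn_label):
        findings.append(
            f"inner label {labels[-1]} in CEF differs from BGP label {vpn_label}")
    if len(labels) == 1:
        findings.append("only one label imposed: check the transport LSP to the next hop")
    return findings


if __name__ == "__main__":
    print(check_6vpe_prefix(BGP_OUTPUT, CEF_OUTPUT) or "consistent")
    print(check_6vpe_prefix(BGP_OUTPUT, STALE_CEF_OUTPUT))
```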
Verifying Ingress Hardware Programming – IOS XR
PE2#show cef vrf red ipv6 2001:db8::7/128 hardware ingress detail loc0/0/CPU0
2001:db8::7/128, version 7, internal 0x5000001 0x0 (ptr 0xa140c5f4) [1],
0x0 (0x0), 0x208 (0xa14db230)
Updated Feb 4 22:46:29.730
[1 type 1 flags 0x48089 (0xa14f5398) ext 0x0 (0x0)]
LW-LDI[type=0, refc=0, ptr=0x0, sh-ldi=0x0]
gateway array update type-time 1 Feb 4 22:46:29.730
LDI Update time Feb 4 22:46:29.730
via ::ffff:192.168.5.5, 3 dependencies, recursive [flags 0x6000]
path-idx 0 NHID 0x0 [0xa176b0bc 0x0]
recursion-via-/128
next hop VRF - 'default', table - 0xe0000000
next hop ::ffff:192.168.5.5 via ::ffff:192.168.5.5:0
next hop 10.1.24.4/32 Gi0/0/0/1 labels imposed {19 23}
Ingress platform showdata is not available.
Load distribution: 0 (refcount 1)
Verifying Egress Hardware Programming – IOS XR
PE2#show cef vrf red ipv6 2001:db8::7/128 hard egr det loc 0/0/CPU0
2001:db8::7/128, version 7, internal 0x5000001 0x0 (ptr 0xa140c5f4) [1],
0x0 (0x0), 0x208 (0xa14db230)
[1 type 1 flags 0x48089 (0xa14f5398) ext 0x0 (0x0)]
LW-LDI[type=0, refc=0, ptr=0x0, sh-ldi=0x0]
gateway array update type-time 1 Feb 4 22:46:29.730
LDI Update time Feb 4 22:46:29.730
via ::ffff:192.168.5.5, 3 dependencies, recursive [flags 0x6000]
path-idx 0 NHID 0x0 [0xa176b0bc 0x0]
recursion-via-/128
next hop VRF - 'default', table - 0xe0000000
next hop ::ffff:192.168.5.5 via ::ffff:192.168.5.5:0
next hop 10.1.24.4/32 Gi0/0/0/1 labels imposed {19 23}
Egress platform showdata is not available.
Troubleshooting 6VPE / MPLS
Verifying Counters on Interface
• Verify the interface counters for MPLS forwarding
• If there is a forwarding problem, check the counters and ensure they are not
increasing.
• Initiate the VPNv6 prefix ping and verify the counters again to see if they
increased
RP/0/0/CPU0:PE2#show interface gigabitethernet0/0/0/1 accounting
GigabitEthernet0/0/0/1
Protocol Pkts In Chars In Pkts Out Chars Out
IPV4_UNICAST 261333 20337753 46929 2305821
IPV6_UNICAST 21017 2062274 20995 1964348
MPLS 10 1180 14426 968553
ARP 84 5040 84 3528
IPV6_ND 13296 1193736 10306 742016
Troubleshooting
MPLS
Traffic-Engineering
Troubleshooting MPLS TE
The “Fish” Problem
[Figure: fish-shaped topology with traffic flows marked; diagram and link labels not recoverable]
Troubleshooting MPLS TE
Motivation
• Increase efficiency of bandwidth resources
• Prevent over-utilised (congested) links whilst other links are under-utilised
• Ensure the most desirable/appropriate path for certain traffic types based on
certain policies
• Override the shortest path selected by the IGP
• The ultimate goal is COST SAVING
Troubleshooting MPLS TE
CSPF – The TE Algorithm
• CSPF (executed at ingress) computes an optimal explicit path based on constraints
• Bandwidth requirements
• Hop limitations
• Administrative groups (link colors)
• Priority (setup and hold)
• Explicit route
• Link attributes
• Reservable bandwidth of the links (static bandwidth minus the currently reserved bandwidth)
Dijkstra(G, w, s):
    Initialize-single-source(G,s);
    S = empty set;
    Q = V[G];
    While Q is not empty {
        u = Extract-Min(Q);
        S = S union {u};
        for each vertex v in Adj[u] {
            relax(u, v, w);
        }
    }
In which:
G: the graph, represented in some way (e.g. adjacency list)
w: the distance (weight) for each edge (u,v)
s (small s): the starting vertex (source)
S (big S): a set of vertices whose final shortest path from s have already been determined
Q: set of remaining vertices, Q union S = V
Troubleshooting MPLS TE
draft-manayya-cspf-00
1. The CSPF process begins at the ingress router with the parameters bandwidth, setup priority, hold priority
and the method used in case of equal-cost multipath, such as random, least-fill or most-fill. It determines
the final destination (egress router).
2. It checks the configured maximum hop count and the include and exclude constraints.
3. Check each node for metric and hop count, starting with the ingress.
4. For each node, check whether the endpoint has already been visited; if yes, skip the verification. If not, check the
link for metric, color and bandwidth (the constraints). The information on each node includes
administrative groups (color), metrics, static bandwidth, reservable bandwidth, and available
bandwidth priority level. The information contained in the traffic engineering database should be the
same across all routers in the same traffic engineering domain.
5. If it fails, remove this link.
6. If it passes, select the link with the shortest path to the neighbor router, go to the next link and repeat
step 4.
Troubleshooting MPLS TE
draft-manayya-cspf-00 (contd…)
• Repeat steps 3 to 5 for all nodes
• The result of the CSPF algorithm is formed into a strict-hop ERO (Explicit Route Object)
• When the ERO is completed, it is passed to the RSVP (Resource Reservation Protocol)
process, where it is used for signaling and establishing the LSP in the network.
• If no path can be found, indicate that no route was found and retry after the retry interval.
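Added example (not from the slides or the draft): a small CSPF in Python that prunes links failing the bandwidth or color constraint, runs Dijkstra with an optional hop limit, and returns the strict-hop ERO. The topology, attribute names and the blocking_constraint helper are assumptions made for illustration; setup/hold priority is not modelled.

```python
import heapq


def make_tedb(edges):
    """Build a TE database; every edge is installed in both directions."""
    tedb = {}
    for a, b, metric, static_bw, reserved_bw, color in edges:
        attrs = {"metric": metric, "static_bw": static_bw,
                 "reserved_bw": reserved_bw, "color": color}
        tedb[(a, b)] = dict(attrs)
        tedb[(b, a)] = dict(attrs)
    return tedb


# Constructed topology (bandwidth in kbps, colors as bit masks).
TEDB = make_tedb([
    ("R1", "R2", 10, 100000, 0, 0x0),
    ("R2", "R3", 10, 100000, 60000, 0x1),   # upper path, partly reserved
    ("R3", "R5", 10, 100000, 60000, 0x1),
    ("R2", "R6", 10, 100000, 0, 0x2),       # lower path, one hop longer
    ("R6", "R7", 10, 100000, 0, 0x2),
    ("R7", "R5", 10, 100000, 0, 0x2),
])


def prune(tedb, bandwidth, exclude_any):
    """Remove links that fail a constraint; return an adjacency list."""
    adj = {}
    for (u, v), a in tedb.items():
        # Reservable bandwidth = static bandwidth minus reserved bandwidth.
        if a["static_bw"] - a["reserved_bw"] < bandwidth:
            continue
        if a["color"] & exclude_any:
            continue
        adj.setdefault(u, []).append((v, a["metric"]))
    return adj


def cspf(tedb, src, dst, bandwidth=0, exclude_any=0, max_hops=None):
    """Return the strict-hop ERO as a node list, or None if no path exists."""
    adj = prune(tedb, bandwidth, exclude_any)
    heap = [(0, 0, [src])]          # (cost, hops, path), cheapest first
    fewest_hops = {}                # node -> fewest hops among expanded paths
    while heap:
        cost, hops, path = heapq.heappop(heap)
        node = path[-1]
        if node == dst:
            return path
        # A path that is neither cheaper nor shorter in hops is dominated.
        if hops >= fewest_hops.get(node, float("inf")):
            continue
        fewest_hops[node] = hops
        if max_hops is not None and hops == max_hops:
            continue
        for nbr, metric in adj.get(node, []):
            if nbr not in path:
                heapq.heappush(heap, (cost + metric, hops + 1, path + [nbr]))
    return None


def blocking_constraint(tedb, src, dst, **constraints):
    """If CSPF fails, name the first constraint whose removal gives a path."""
    if cspf(tedb, src, dst, **constraints) is not None:
        return None
    for name in ("bandwidth", "exclude_any", "max_hops"):
        relaxed = {k: v for k, v in constraints.items() if k != name}
        if name in constraints and cspf(tedb, src, dst, **relaxed) is not None:
            return name
    return "several constraints or no connectivity"


if __name__ == "__main__":
    print(cspf(TEDB, "R1", "R5"))
    print(cspf(TEDB, "R1", "R5", bandwidth=50000))
    print(blocking_constraint(TEDB, "R1", "R5", bandwidth=200000))
```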
Troubleshooting MPLS TE
RSVP Overview
• Once the path is calculated, it must be signaled across the network
• Reserve any bandwidth to avoid “double booking” from other TE reservations
• Priority can be used to pre-empt low priority existing tunnels
Troubleshooting MPLS TE
RSVP Overview – Admission Control
• On receipt of PATH message
• Router will check there is bandwidth available to honour the reservation
• If bandwidth is available, then RSVP is accepted
Does RSVP actually allocate the b/w across the path for the TE tunnel?
Troubleshooting MPLS TE
RSVP Overview – Admission Control
[Figure: RSVP Path message (10M) and RSVP RESV message (BW=10) on the example topology; diagram not recoverable]
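Added example (not from the slides): per-link admission control in Python, showing how booking the bandwidth prevents double booking and how a stronger setup priority pre-empts existing tunnels. The class, the tunnel names and the request sequence are constructed; priorities run from 0 (strongest) to 7 (weakest), and a tunnel can be pre-empted only if its hold priority is numerically greater than the newcomer's setup priority.

```python
class TELink:
    """Bandwidth accounting for one TE link, single pool, values in kbps."""

    def __init__(self, reservable_kbps):
        self.reservable = reservable_kbps
        self.lsps = {}  # LSP name -> (kbps, hold_priority)

    def free(self):
        return self.reservable - sum(kbps for kbps, _ in self.lsps.values())

    def admit(self, name, kbps, setup_prio=7, hold_prio=7):
        """Admission check for a new reservation.

        Returns (accepted, preempted); preempted lists the LSP names torn
        down to make room. Nothing is torn down if the request is rejected.
        """
        if not (0 <= hold_prio <= setup_prio <= 7):
            raise ValueError("need 0 <= hold_prio <= setup_prio <= 7")
        shortfall = kbps - self.free()
        victims = []
        if shortfall > 0:
            # Candidates are LSPs holding with a weaker priority, weakest first.
            weaker = sorted(
                ((hold, lsp) for lsp, (_, hold) in self.lsps.items()
                 if hold > setup_prio),
                reverse=True)
            for _, lsp in weaker:
                if shortfall <= 0:
                    break
                victims.append(lsp)
                shortfall -= self.lsps[lsp][0]
            if shortfall > 0:
                return False, []
            for lsp in victims:
                del self.lsps[lsp]
        self.lsps[name] = (kbps, hold_prio)
        return True, victims


def run_scenario():
    """Constructed sequence of requests on a link with 100 Mbps reservable."""
    link = TELink(100000)
    results = [
        link.admit("T1", 60000),                             # fits
        link.admit("T2", 50000),                             # would double book
        link.admit("T3", 50000, setup_prio=3, hold_prio=3),  # pre-empts T1
        link.admit("T4", 10000),                             # fits again
    ]
    return results, link.free()


if __name__ == "__main__":
    print(run_scenario())
```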
Troubleshooting MPLS TE
Configuration / Feature requirements
• RSVP should be enabled on relevant interfaces
• mpls traffic-eng should be enabled
• Globally
• Interface level
• IGP Level
• Decision on Path Selection Process
• Dynamic
• Explicit-path
Troubleshooting MPLS TE
Autoroute Announce
• Used to include TE LSP in SPF calculations
• Tunnel is treated as a directly connected link to the tail
• IGP adjacency is NOT run over the tunnel!
• Using autoroute announce, all nodes behind the headend are routed via tunnel
IOS – IOS-XE (Config under Tunnel Interface)
tunnel mpls traffic-eng autoroute announce
Troubleshooting MPLS TE
Forwarding Adjacency
• Autoroute does not advertise the LSP into the IGP
• There may be a requirement to advertise the existence of TE tunnels to upstream
routers
• Allow upstream routers to compute a better path to a destination over a downstream TE
tunnel
[Figure: example topology with routers R1 to R8; diagram not recoverable]
Troubleshooting MPLS TE
Verification Commands
• Verifying RSVP Interfaces
• Show ip rsvp interface
• Verifying TE Tunnels
• Show mpls traffic-eng tunnels tunnel <num>
• Show mpls traffic-eng forwarding (XR)
• Show mpls traffic-eng forwarding-adjacency
Troubleshooting MPLS TE
RSVP Troubleshooting
RP/0/0/0:R1#sh rsvp counters messages summary
Path 0 25 Resv 30 0
PathError 0 0 ResvError 0 1
PathTear 0 30 ResvTear 12 0
ResvConfirm 0 0 Ack 24 37
Verify Basic TE Tunnel Forwarding
RP/0/RP0/CPU0:PE2#show mpls traffic-eng tunnels 400
Name: tunnel-te400 Destination: 192.168.4.4 Ifhandle:0x580
Status:
Admin: up Oper: up Path: valid Signalling: connected
path option 1, type dynamic (Basis for Setup, path weight 1)
G-PID: 0x0800 (derived from egress interface properties)
Bandwidth Requested: 0 kbps CT0
Creation Time: Thu Jun 15 19:22:40 2017 (00:15:46 ago)
Config Parameters:
Bandwidth: 0 kbps (CT0) Priority: 7 7 Affinity: 0x0/0xffff
Metric Type: TE (global)
Path Selection:
<snip>
Fast Reroute: Disabled, Protection Desired: None
Path Protection: Not Enabled BFD Fast Detection: Disabled
Reoptimization after affinity failure: Enabled
Soft Preemption: Disabled
History: Tunnel has been up for: 00:15:46 (since Thu Jun 15 19:22:40 UTC 2017)
Current LSP: Uptime: 00:15:46 (since Thu Jun 15 19:22:40 UTC 2017)
Path info (OSPF 100 area 0):
Node hop count: 1
Hop0: 10.24.1.4
Hop1: 192.168.4.4
Troubleshooting MPLS TE
Re-optimization Configs
• Configuration
• Logging
• Logging events lsp-status reoptimize (XR TE Tunnel interface config)
• Logging events lsp-status reroute (XR TE Tunnel interface config)
Troubleshooting MPLS TE
Troubleshooting : TE Tunnel does not come up
RP/0/RP0/CPU0:PE2# show mpls traffic-eng tunnel 400 detail
Wed May 29 14:07:50.428 UTC
Name: tunnel-te 400 Destination: 0.0.0.0
Status:
Admin: up Oper: down Path: not valid Signalling: Down
path option 10, type dynamic (Basis for Setup, path weight 2)
ospf 100 area 0
G-PID: 0x0800 (internally specified)
Config Parameters:
Bandwidth: 0 kbps (CT0) Priority: 7 7 Affinity: 0x0/0xffff
Metric Type: TE (default)
AutoRoute: disabled LockDown: disabled
Loadshare: 0 equal loadshares
Auto-bw: disabled(0/0) 0 Bandwidth Requested: 0
Direction: unidirectional
Endpoint switching capability: unknown, encoding type: unassigned
Transit switching capability: unknown, encoding type: unassigned
Reason for the tunnel being down: No destination is configured
History:
Prior LSP:
ID: path option 10 [13]
Removal Trigger: signalling shutdown
Callout: Very verbose reason given here on this line for config errors
Callout: No Destination configured under Tunnel interface
Troubleshooting MPLS TE
Troubleshooting : TE Tunnel does not come up
RP/0/RP0/CPU0:PE2#show mpls traffic-eng tunnel 400 detail
Name: tunnel-te400 Destination: 192.168.4.4
Status:
Admin: up Oper: down Path: not valid Signalling: Down
path option 10, type dynamic (Basis for Setup, path weight 2)
ospf 100 area 0
G-PID: 0x0800 (internally specified)
Config Parameters:
Bandwidth: 1 kbps (CT0) Priority: 7 7 Affinity: 0x0/0xffff
Metric Type: TE (default)
AutoRoute: enabled LockDown: disabled
Loadshare: 0 equal loadshares
Auto-bw: disabled(0/0) 0 Bandwidth Requested: 1
Direction: unidirectional
Endpoint switching capability: unknown, encoding type: unassigned
Transit switching capability: unknown, encoding type: unassigned
History:
Prior LSP:
ID: path option 1 [21]
Removal Trigger: path verification failed
Last Error:
PCALC:: No path to destination, 192.168.4.4(bw)
Callout: Insufficient RSVP b/w. Bandwidth command not configured under rsvp or is misconfigured
Troubleshooting MPLS TE
Troubleshooting : TE Tunnel does not come up
RP/0/RP0/CPU0:PE2#show mpls traffic-eng tunnel 400 detail
Name: tunnel-te400 Destination: 192.168.4.4
Status:
Admin: up Oper: down Path: not valid Signalling: Down
path option 10, type dynamic (Basis for Setup, path weight 2)
ospf 100 area 0
G-PID: 0x0800 (internally specified)
Config Parameters:
Bandwidth: 1 kbps (CT0) Priority: 7 7 Affinity: 0x0/0xffff
Metric Type: TE (default)
AutoRoute: enabled LockDown: disabled
Loadshare: 0 equal loadshares
Auto-bw: disabled(0/0) 0 Bandwidth Requested: 1
Direction: unidirectional
Endpoint switching capability: unknown, encoding type: unassigned
Transit switching capability: unknown, encoding type: unassigned
History:
Prior LSP:
ID: path option 1 [21]
Removal Trigger: path verification failed
Last Error:
PCALC:: No path to destination, 192.168.4.4(reverselink or exclude-link)
Callout: Tunnel has no alternative path or explicit path is misconfigured.
Troubleshooting MPLS TE
TE Tunnel not up (Summary)
• RSVP Signaling in progress
• Show rsvp sessions dst-port
• No path available
• Show mpls traffic-eng igp-area
• Show mpls traffic-eng topology model-type rdm|mam (Russian Dolls
/ Maximum allocation)
• Show mpls traffic-eng link-management interface x/y
• Cannot reach dst x.x.x.x from y.y.y.y
• Show rsvp interface
• Or check TE topology database
Class-Based Tunnel Selection – CBTS
Destination NH: PE2 EXP: 4
PE2
Destination NH: PE2 EXP: Default
Troubleshooting MPLS TE
Maximum Allocation Model (MAM)
• BW pool applies to one class
• Sum of BW pools may exceed MRB
• Sum of total reserved BW may not exceed MRB
[Figure: BC0, BC1 and BC2 shown with Class0, Class1 and Class2; all classes within the Maximum Reservable Bandwidth (MRB)]
CBTS – Configuration Example
Both tunnels to same destination but different QoS
interface Tunnel65
ip unnumbered loopback0
tunnel destination 192.168.2.2
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng bandwidth sub-pool 30000
tunnel mpls traffic-eng exp 5
interface Tunnel66
ip unnumbered loopback0
tunnel destination 192.168.2.2
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng bandwidth 50000
tunnel mpls traffic-eng exp default
Troubleshooting MPLS TE
Traces to collect on IOS XR
CEF (forwarding)
• Show cef mpls trace location <line card location>
• Show cef platform trace all all location <line card location>
• Show cef trace location <line card location>
• Show mpls forwarding tunnel detail
• Show mpls forwarding labels hardware ingress/egress detail loc
• Show cef mpls adj tunnel-te <> hardware ingress/egress detail loc <>
SONET
• Show sonet-local trace location <line card location>
Troubleshooting MPLS TE
Tunnel Protection
• Mechanism to mitigate packet loss during a failure
• Pre-provisioned protection tunnels that carry traffic when a protected link or
node goes down
• MPLS TE protection also known as FAST REROUTE
• Protects against LINK FAILURE
• For example, Fibre cut, Carrier Loss, ADM failure
• Protects against NODE FAILURE
• For example, power failure, hardware crash, maintenance
Troubleshooting MPLS TE
Categories of FRR
• Local Protection
• Link Protection
• Node Protection
• Protects a segment of the tunnel (Node or Link)
• 1:N Scalability
• Faster failure recovery
• Path Protection
• Protects individual tunnels
• 1:1 Scalability
• More resource consumption
Troubleshooting MPLS TE
Link Protection
[Figure: link protection, built up over two slides; surviving labels: PLR, P-3, pop]
Troubleshooting MPLS TE
Node Protection
[Figure: node protection, built up over three slides; surviving labels: P-3, pop]
MPLS Traffic-Engineering
Demo
Troubleshooting
MPLS with NX-OS
Troubleshooting MPLS with NX-OS
Software Architecture
[Figure: NX-OS MPLS software architecture. Components shown: MPLS-Mgr, IM/OIM/L3VM, CLI, SNMP, URIB, ULIB, LDP, IGP, System Manager, Feature Manager, License Manager, Netstack, PSS, MTS, Shared Memory, Message Queue]
Troubleshooting MPLS with NX-OS
Component Functions
• Interact with ULIB
• Allocate local label for prefixes
• Interact with URIB
• Learn routes
• Program outgoing labels
Troubleshooting MPLS with NX-OS
MPLS Packet Flow
[Figure: packet flow through LDB, L2FT (DMAC), ILM, FIB (TCAM), ADJ, ELM and RIT]
• LDB – L2 Features; Perform LDP lookup to derive LIF / BD for ingress packet
• L2FT – Perform SMAC and DMAC lookup; DMAC should be router MAC
• ILM – Lookup ingress LIF MAP table and identify feature enabled, i.e. MPLS
• FIB – Deals with both PI and PD programming
• ADJ – The FIB result provides an adjacency that points to the egress LIF
• ELM – Egress LIF has the DI for egress interface
• RIT – Generate the rewrite (SMAC, DMAC and Label rewrite [push, pop, swap])
Troubleshooting MPLS with NX-OS
LDB – Check if the router BD is set in the LDP entry
module-1# show hardware internal forwarding interface e1/1
Software Tables:
Interface = Ethernet1/1 LTL Index = 0x422 LIF = 0x4002
State(up) Layer(L3) Mode(0x0) VDC(1) Local Port(yes)
Number of Member Ports(0x0)
LDB Sharing(no) LDB Base(0xc801) LDB Port Features(no)
Hardware Tables:
Instance: 0x1
L2-LIF-MAP entry with index = 0x422
ldb_base = 0xc801 add_vlan = 0
Instance: 0x1
L2-LIF entry with index = 0xc801
pt_cam_en = 0 ipv4_igmp_snoop = 0 ipv4_pim_snoop = 0 ipv6_mld_snoop = 0
ipv6_pim_snoop = 0 bd = 0x2 l2v4 = 0 ingr_lif = 0x4002
<snip>
Troubleshooting MPLS with NX-OS
Verify L2FT and ILM
L2FT
show hardware mac address-table
FE | Valid| PI| BD | MAC | Index| Stat| SW | Modi| Age| Tmr| GM| Sec| TR| NT| RM| RMA| Cap| Fld|Always
---+------+---+------+---------------+-------+-----+-----+-----+----+----+---+----+---+---+---+----+----+----+------
ILM
NX-OS# show hardware internal forwarding interface Ethernet 1/1 module 10 | inc mpls_en
l2l3_lkup_cfg = 0 mpls_en = 1 sm_en = 0 red_ids_chk_fail_en = 1 v4_rpfv3_en = 0
ipv4_en = 1 eompls_en = 0 mpls_en = 1
Troubleshooting MPLS with NX-OS
Verifying FIB - PI
N7k-1# show forwarding route module 1
----------------+----------------------------------------+----------------------+-----------------
Prefix | Next-hop | Interface | Labels
----------------+----------------------------------------+----------------------+-----------------
<snip>
192.168.2.2/32 nxthop 10.12.1.2 Ethernet1/2 NO-OP
192.168.3.3/32 nxthop 10.12.1.2 Ethernet1/2 PUSH 21
192.168.4.4/32 nxthop 10.12.1.2 Ethernet1/2 PUSH 22
Troubleshooting MPLS with NX-OS
Verifying FIB – PI – Forwarding and Adjacency Info
N7k-1# show forwarding mpls module 1
--------+-----------+-------------------+----------------+-------------+-------
Local |Prefix |FEC |Next-Hop |Interface |Out
Label |Table Id |(Prefix/Tunnel id) | | |Label
--------+-----------+-------------------+----------------+-------------+-------
18 |0x1 |192.168.2.2/32 |10.12.1.2 |Ethernet1/2 |Pop Label
19 |0x1 |192.168.3.3/32 |10.12.1.2 |Ethernet1/2 |21
20 |0x1 |192.168.4.4/32 |10.12.1.2 |Ethernet1/2 |22
Troubleshooting MPLS with NX-OS
Verifying FIB – PD – MPLS Programming
N7k-1# show system internal forwarding mpls detail
Table id = 0x1
------------------
----+--------+--------+------------+----------+----------+-----------+--------+
Dev | Index |Priority| In-label | AdjIndex | LIF | Out-label | Op
----+--------+--------+------------+----------+----------+-----------+--------+
0 0x5624 0x23c2 16 0x5c 0x1fe0 0 POP ONE
0 0x5625 0x23c3 17 0x5c 0x1fe0 0 POP ONE
0 0x5224 0x23c4 18 0x62 0x2 3 POP ONE
0 0x5225 0x23c5 19 0x60 0x2 21 SWAP ONE
0 0x5c24 0x23c6 20 0x64 0x2 22 SWAP ONE
0 0x5c25 0x23c7 21 0x65 0x3 0 POP ONE
Table id = 0x2a
------------------
----+--------+--------+------------+----------+----------+-----------+--------+
Dev | Index |Priority| In-label | AdjIndex | LIF | Out-label | Op
----+--------+--------+------------+----------+----------+-----------+--------+
No labels in table
Aggregate Table id = 0x2a
------------------
--------+--------+
label | vpn_id
--------+--------+
0 492287 0x2a
Troubleshooting MPLS with NX-OS
Verify Label Information in Hardware
pe1# show system internal forwarding mpls label
show system internal forwarding mpls
Table id = 1
------------------
----+--------+------------+----------+----------+-----------+--------+
Dev | Index | In-label | AdjIndex | LIF | Out-label | Op
----+--------+------------+----------+----------+-----------+--------+
0 0x1ffa9 18 0x62 0x2 3 POP ONE
0 0x5225 19 0x60 0x2 21 SWAP ONE
0 0x5c24 20 0x64 0x2 20 SWAP ONE
Callouts on the slide: FIB TCAM Index; FIB DRAM Adjacency Index; Egress LIF (LTL)
Troubleshooting MPLS with NX-OS
Route Update PD Verification
• Use the following command to check the route in FIB PD
• Show system internal forwarding route
• Use the following command to check the adjacency in FIB PD
• Show system internal forwarding adjacency
• Use the following command to check the MPLS adjacency in LFIB PD
• Show system internal forwarding mpls adjacency
• Use the following command to check the hardware adjacency to verify that
the packet is being forwarded out the correct interface
• Show system internal forwarding adjacency entry <adj> detail
Troubleshooting MPLS with NX-OS
Troubleshooting L3VPN VRF Issues
• Check the L3VM process event traces to verify the events that occurred
for the VRF
N7k-1# show system internal l3vm event-history vrf
VRF events for L3VM Process - Bufsize 1000 KB2017
2017 Jun 14 09:10:02.139925 l3vm [5710]: [5830]: Updated interface Ethernet1/1 cmd <vrf member TEST>
2017 Jun 14 09:10:02.139757 l3vm [5710]: [5830]: Interface Ethernet1/1 (IOD 37) changing from VRF default to VRF TEST - Count 1
2017 Jun 14 09:10:02.139728 l3vm [5710]: [5830]: Interface Ethernet1/1 (IOD 37) will be down, VRF default UP-IF count 1
2017 Jun 14 09:10:02.139680 l3vm [5710]: [5830]: Moving Ethernet1/1 (ifindex: 0x1a000000 iod: 37) from VRF default to VRF TEST
2017 Jun 14 09:10:02.139522 l3vm [5710]: [5830]: Deleting all L3VM_PSS_IF_KEY config for interface Ethernet1/1
2017 Jun 14 09:10:02.137418 l3vm [5710]: [5830]: [VSH] Process interface Eth1/1 cmd <vrf member TEST>
2017 Jun 14 09:06:24.460917 l3vm [5710]: [5830]: Updated vrf TEST cmd <address-family ipv4 unicast>
2017 Jun 14 09:06:24.460771 l3vm [5710]: [5830]: [VSH] Process vrf TEST cmd <address-family ipv4 unicast>
2017 Jun 14 09:06:24.426293 l3vm [5710]: [5830]: l3vm_pd_process_l3vm_mts_msg_from_ctrl: Received l3vm notification (mtype: 4)
2017 Jun 14 09:06:24.426270 l3vm [5710]: [5830]: l3vm_pd_process_l3vm_mts_msg_from_ctrl: Received l3vm notification (mtype: 4)
2017 Jun 14 09:06:24.426239 l3vm [5710]: [5830]: l3vm_pd_process_l3vm_mts_msg_from_ctrl: Received l3vm notification (mtype: 1)
2017 Jun 14 09:06:24.424511 l3vm [5710]: [5829]: VRF TEST:ipv4:base table (Up:--) sending: Table create
2017 Jun 14 09:06:24.424372 l3vm [5710]: [5829]: VRF TEST:ipv6:base table (Up:--) sending: Table create
2017 Jun 14 09:06:24.424256 l3vm [5710]: [5829]: VRF TEST (Up:--) sending: VRF create
2017 Jun 14 09:06:24.424006 l3vm [5710]: [5829]: VRF TEST - Created
2017 Jun 14 09:06:24.424002 l3vm [5710]: [5829]: VRF TEST (Up:--) sdb ack
2017 Jun 14 09:06:24.423008 l3vm [5710]: [5829]: gsdb_op_callback() - gsdb context 0x0003ce86
2017 Jun 14 09:06:24.421933 l3vm [5710]: [5830]: Updated cmd <vrf context TEST>
SP SDN –
Segment Routing
Segment Routing
Path towards Segment Routing
• LDP had its own challenges
• Extra process required (LDP) + It creates complicated interaction with IGP (LDP-IGP
Sync)
• RSVP-TE – Deployment and scalability issues (only 10% of the SP space uses
RSVP-TE, and even that with the FRR use case)
• Always-on Feature, even when TE is not required in the network
• Need network that could understand application requirements
Segment Routing
Overview
• SR originally meant “Strade Romane” – the network of roads built by the
Roman Empire
• The name was later changed to Segment Routing
• SR is nothing but Application Engineered Routing, where the application makes a
request to the network (controller) to provide it a path that would serve the
needs of the application
• SR is source-based routing, where the source chooses a path based on the
application requirements
• The chosen path is encoded in the packet header as an ordered list of segments
• Segment – ID for any type of instruction
• Forwarding or service
Segment Routing
Scalability and Virtualization
• Each engineered application flow is mapped on a path
• Multiple possible paths are available in the network
• A path is expressed as an ordered list of segments
• The network maintains segments
• thousands of segments
• completely independent of application size/frequency
• Excellent scaling and virtualization
• the application state is no longer within the router but within the packet
[Figure labels: millions of application flow paths; a path is mapped on a list of segments; the network only maintains segments; no per-flow application state]
Segment Routing
Data Plane
• MPLS: an ordered list of segments is represented as a stack of labels
• Segment Routing re-uses MPLS data plane without any change
• Segment represented as MPLS label
• Applicable to IPv4 and IPv6 address families
Segment Routing
Packet Flow
[Figure: packet flow across nodes A to I in three segments with label stack 16003, 24037, 16009; 16003 and 16009 are global labels, 24037 is an adjacency label; PHP marked]
Segment Routing
SRGB
• Segment Routing Global Block
• Range of labels reserved for Segment Routing Global Segments
SR1(config)#segment-routing mpls
SR1(config-srmpls)#global-block 18000 19999
SR1(config-srmpls)#
Segment Routing
IGP Segments
• Prefix SID
• Shortest-path to the IGP prefix
• Equal Cost MultiPath (ECMP)-aware
• Global Segment
• Label = 16000 + Index
• Distributed by ISIS/OSPF
• Adjacency SID
• Forward on the IGP adjacency
• Local Segment
• Advertised as label value
Segment Routing
Migration from LDP to SR
• Configuring SR does not ensure that SR labels will be used by the routers for
forwarding purpose
• By default, the LDP bindings will be used for forwarding decisions
• To make SR preferred over LDP, use the configuration below
IOS XE
segment-routing mpls
!
set-attributes
address-family ipv4
sr-label-preferred
exit-address-family
!
IOS XR
router isis SR-AS
!
address-family ipv4 unicast
segment-routing mpls sr-prefer
!