Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
736
Views
5
Helpful
3
Replies

MPLS VPN Network Broken - Please Help

asaykao73
Level 1
Level 1

‎11-16-2009 05:31 PM

HI All,

I'm a bit lost as to why our mpls network is broken between our POPS. I don' know why I can't ping from PE2(lo99) to PE1(lo99). Because of this I can't establish a MP-BGP session between PE1 and PE2.

POP1[PE1 (lo99:172.16.99.13) -> P1] -> POP2[P2 -> PE2 (lo99: 172.16.99.4)]

PE2 can ping P1.

P2 can ping P1.

P2 and PE2 CAN NOT ping PE1.

VPN traffic seems to not get to P1 and go further.

PE2#ping 172.16.99.13

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.99.13, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

PE2#traceroute mpls ipv4 172.16.99.13 255.255.255.255

Tracing MPLS Label Switched Path to 172.16.99.13/32, timeout is 2 seconds

Type escape sequence to abort.

0 203.10.110.207 MRU 1500 [Labels: 3034 Exp: 0] <-- PE2

R 1 203.10.110.211 MRU 9000 [Labels: 8932 Exp: 0] 184 ms <-- packet reaches P2

. 2 * <-- this next hop should be P1 but packet not getting there

. 3 *

. 4 *

* It was working fine til we switched our P1>P2 link to switched ethernet. Our upstream

provider says everything is ok on their end and that jumbo frames are enabled within their

switched ethernet network.

* I've traced the labels from PE2 back to P2 > P1 > PE1 and they look ok.

PE2#sh mpls forwarding-table 172.16.99.13 32

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or VC or Tunnel Id Switched interface

617 3034 172.16.99.13/32 0 Gi0/0.11 203.10.110.211

P2#sh mpls forwarding-table 172.16.99.13 32

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or VC or Tunnel Id Switched interface

3034 8668 172.16.99.13/32 1582342 Gi4/0/1 203.17.96.97

P1#sh mpls forwarding-table 172.16.99.13 32

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or VC or Tunnel Id Switched interface

8668 Pop Label 172.16.99.13/32 158253163 Gi0/0.152 203.17.102.113

* Odd thing is that I can ping from PE1 > PE2 and PE1 > P2.

Just can't ping it the other way P2 > PE1 and PE2 > PE1.

PE1#ping 172.16.99.4

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.99.4, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/10/12 ms

* I did a 'debug mpls packet' on P1 and can see labels being swapped ok (I think).

Nov 16 22:43:24.546 AEDT: MPLS turbo: Gi0/1: rx: Len 78 Stack {8668 6 255} - ipv4 data

Nov 16 22:43:25.606 AEDT: MPLS turbo: Gi0/0.152: rx: Len 86 Stack {7087 6 255} - ipv4 data

Nov 16 22:43:25.606 AEDT: MPLS turbo: Gi0/2: tx: Len 82 Stack {6039 6 254} - ipv4 data

Nov 16 22:43:26.878 AEDT: MPLS turbo: Gi0/0.152: rx: Len 86 Stack {7203 6 255} - ipv4 data

Nov 16 22:43:26.878 AEDT: MPLS turbo: Gi0/2: tx: Len 82 Stack {6628 6 254} - ipv4 data

Nov 16 22:43:27.358 AEDT: MPLS turbo: Gi0/0.152: rx: Len 86 Stack {7647 6 255} - ipv4 data

Nov 16 22:43:27.362 AEDT: MPLS turbo: Gi0/2: tx: Len 82 Stack {728 6 254} - ipv4 data

* Any ideas as to why all of a sudden I can not longer ping from P2 > PE1 and PE2 > PE1? It looks like a tranmission issue somewhere between P1 and P2 because I can't pass labels beyond P1 as seen from the traceroute mpls output above.

Please help...

Thanks.

Andy

Labels:
0 Helpful
3 Replies 3

Reza Sharifi
Hall of Fame
Hall of Fame

‎11-16-2009 07:31 PM

Hi Andy,

0 203.10.110.207 MRU 1500 [Labels: 3034 Exp: 0] <-- PE2

R 1 203.10.110.211 MRU 9000 [Labels: 8932 Exp: 0] 184 ms

Do you have the same MTU configured on all your devices?

Reza

0 Helpful

asaykao73
Level 1
Level 1
In response to Reza Sharifi

‎11-16-2009 07:36 PM

The main link from one POP to another is configured with MTU 9000 (see below). And I don't usually touch the MTU between the P and PE routers which would default to 1500.

It's always worked this way until we moved over to this new Switch Ethernet circuit for our backhaul from one POP to another. All of a sudden PE devices at POP2 can not ping PE devices at POP1 - BUT strange enough PE devices at POP1 can ping PE devices at POP2.

--------------------------

P1 Config

--------------------------

interface GigabitEthernet0/2

description Connection to P2

mtu 9000

bandwidth 150000

ip address 203.17.96.x 255.255.255.252

load-interval 30

media-type gbic

speed auto

duplex auto

negotiation auto

mpls ip

--------------------------

P2 Config

--------------------------

interface GigabitEthernet4/0/1

description Connection to P1

mtu 9000

bandwidth 150000

ip address 203.17.96.x 255.255.255.252

load-interval 30

negotiation auto

mpls ip

asaykao73
Level 1
Level 1
In response to asaykao73

‎11-16-2009 09:19 PM

This has been resolved.

Turns out it was something within our Provider's network which does the backhaul for us that had some mac-access group configured on their switch which was blocking the PE's loopback from communicating with each other.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents