VRF – VPN4 Troubleshooting

Before you start MPLS VPN troubleshooting, you should ask the following questions:

1.- Is Cisco Express Forwarding (CEF) enabled on all routers in the transit path between the provider edge (PE) routers?

You can verify the validity of the CEF entry and the associated label stack with the show ip cef vrf vrf-name ip-prefix detail command. The top label in the stack should correspond to the BGP next-hop label as displayed by the show mpls forwarding-table command on the ingress router. The second label in the stack should correspond to the label allocated by the egress router.

2.- Are labels for Border Gateway Protocol (BGP) next hops generated and propagated?
3.- Are there any maximum transmission unit (MTU) issues in the transit path ?
4.- Verifying the routing information flow using the checks outlined in the figure
5.- Verifying the data flow, or packet forwarding
6.- Are you including the vrf interface into the MP-BGP process??

The first step is to check the routing information exchange from CE routers to PE routers. you can use the show ip route vrf vrf-name command to verify that the PE router receives customer routes from the CE router.

The CE routes received by the PE router need to be redistributed into Multiprotocol BGP (MP BGP); if you do not do this, the routes will not get propagated to other PE routers.

The CE routes redistributed into MP-BGP need to be propagated to other PE routers.

Verify the correct route propagation using show ip bgp vpnv4 all ip-prefix command on the remote PE router.

Routes sent by the originating PE router might not be received by a remote PE router because of automatic RT-based filters installed on the remote PE router.

Automatic route filters are based on RTs. Verify that the RTs attached to the CE route in the originating PE router match at least one of the RTs configured as import RTs in the VRF on the receiving PE router.

The VPN version 4 (VPNv4) routes received by the PE router have to be inserted into the proper VRF. This insertion can be verified with the show ip route vrf command.

the BGP routes received via MP-BGP and inserted into the VRF need to be redistributed into the PE-CE routing protocol. A number of common redistribution mistakes can occur here, starting with missing redistribution metrics.

The routes redistributed into the PE-CE routing protocol have to be propagated to CE routers. You may also configure the CE routers with a default route toward the PE routers.

On Mon, Jun 22, 2009 at 9:36 PM, Dayaa Al Zoubi <cciecool@gmail.com> wrote:

hi
two different bgp areas means two different sp , the VPN4 connectivity
between them , in the border router sh ip route will not show the customer
routes , sh ip bgp vpn4 all will show , but when pinging from the customer
vrf in sp 1 to vrf in sp2 the border and debug the ip packet in the border
router , it the destination unroutable !!!!!
so the destination not in the routing table but in the vpn4 table and the
router not checking this table !!!!
why is that ……

thansk
dayaa

Blogs and organic groups at http://www.ccie.net

_______________________________________________________________________
Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s