Você está na página 1de 11

Id:

Tecnologia:

3
MPLS

Segmento: Rede de Dados


Fabricante: CISCO
SYSTEMS
Plataforma:
Famlias:
C7200
C7500
C7600
Hardware:
ROTEADOR
Cliente VPN(vrf) sem conectividade entre os sites;
Sintomas:
Falha de roteamento entre sites para clientes vpn (vrf);
Troubleshooting: Verificar a Tabela CEF(FIB). Recursos obrigatrios para
operao MPLS
Segue alguns comandos com a tabela CEF no estado
OPERACIONAL
PE300B#sh ip cef summary
IP CEF with switching (Table Version 140099), flags=0x0
5224 routes, 0 reresolve, 0 unresolved (0 old, 0 new), peak 30330
36 instant recursive resolutions, 0 used background process
36096 leaves, 3732 nodes, 5534256 bytes, 1529907 inserts, 1493811
invalidations
5044 load sharing elements, 1694784 bytes, 35099 references
universal per-destination load sharing algorithm, id B665EA45
3(0) CEF resets, 51800 revisions of existing leaves
Resolution Timer: Exponential (currently 1s, peak 4s)
111179 in-place/0 aborted modifications
refcounts: 1037058 leaf, 963584 node
Table epoch: 0 (5224 entries at this epoch)
Adjacency Table has 250 adjacencies
PE300B#sh ip cef epoch | b vpncliente1
Table: V252:vpncliente1
Table epoch: 0 (288 entries at this epoch)
PE300B>sh ip cef vrf vpncliente1
Prefix Next Hop Interface
0.0.0.0/0 192.168.1.2 GigabitEthernet1/3.3110
0.0.0.0/32 receive
172.30.1.0/24 192.168.1.2 GigabitEthernet1/3.3110
172.30.2.0/24 192.30.2.2 ATM6/0/0.41920

172.30.5.0/24 201.10.218.97 GigabitEthernet1/1


201.10.250.53 GigabitEthernet1/4
201.10.251.117 GigabitEthernet8/2
201.10.251.125 GigabitEthernet7/2
172.30.6.0/24 201.10.218.97 GigabitEthernet1/1
201.10.250.53 GigabitEthernet1/4
< omitido >
Segue abaixo o comando para habilitar CEF (tabela FIB) no
equipamento.
# ip cef

Verificar a conectividade entre PE_local <==> CE_local


(PE1<==>CE1)
Obter informaes da VPN vrf do cliente (nome da vpn,
interfaces da vpn).
PE300B#show ip vrf vpncliente1
Name Default RD Interfaces
vpncliente1 8167:10901 Gi1/3.3110
AT6/0/0.41962
AT6/0/0.41970
AT6/0/0.411010
PE300B#sh int AT6/0/0.41970
ATM6/0/0.41970 is up, line protocol is up
Hardware is SPA-2XOC3-ATM, address is 0013.5f6f.5040 (bia
0013.5f6f.5040)
Description: CLIENTE_DISMAR*CTA
0741304*256K*18/03/08*VETOR-FR
Internet address is 192.30.11.1/30
MTU 4470 bytes, BW 256 Kbit, DLY 80 usec,
reliability 255/255, txload 53/255, rxload 24/255
< omitido >
Verificar as informaes da VPN(vrf do cliente), isto , nome da
vrf, RD, RT, interfaces
Name ---->> Nome da VPN(vrf) do cliente
Interfaces ---->> Interfaces associadas a VPN(vrf do cliente)

Verificar configuraes da VPN (vrf) para cliente VPN MPLS


(nome, interfaces, roteamento)
PE300B#sh runn ------------- >>>> Verificar configuraes da

VPN(vrf) do Cliente conforme


documentao do projeto
< omitido >
ip vrf vpncliente1
rd 8167:604
route-target export 8167:604
route-target import 8167:604
< omitido >
interface GigabitEthernet10/14.604
description VLAN_ vpncliente1
encapsulation dot1Q 604
ip vrf forwarding vpncliente1
ip address 172.30.172.27 255.255.255.248
no ip redirects
< omitido >
router bgp 8167
no bgp default ipv4-unicast
bgp log-neighbor-changes
bgp deterministic-med
neighbor ROUTE-REFLECTOR peer-group
neighbor ROUTE-REFLECTOR remote-as 6000
neighbor ROUTE-REFLECTOR password 7
neighbor ROUTE-REFLECTOR update-source Loopback0
neighbor ROUTE-REFLECTOR-VPNV4 peer-group
neighbor ROUTE-REFLECTOR-VPNV4 remote-as 8167
neighbor ROUTE-REFLECTOR-VPNV4 update-source
Loopback0
neighbor 200.140.197.253 remote-as 65010
neighbor 200.140.197.253 description eBGP-AS-PRIVADO
< omitido >
address-family ipv4
no synchronization
bgp dampening
redistribute connected route-map IBGP-CONNECTED
redistribute static route-map IBGP-STATIC
redistribute ospf 20 route-map OSPF2BGP_GSM_GPRS
neighbor ROUTE-REFLECTOR send-community
neighbor ROUTE-REFLECTOR next-hop-self
neighbor 200.140.197.253 activate
< omitido >
address-family ipv4 vrf vpncliente1
no synchronization
redistribute connected
redistribute static
exit-address-family

!
< omitido >

Executar teste de conectividade entre PE_Local <==>CE_Local


PE300B#ping vrf vpncliente1 192.30.11.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.30.11.2, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
24/24/28 ms
PE300B#

Verificar/confirmar a conectividade entre PE_local <==>


PE_Remoto ( PE1)
o Identificar o PE_Remoto, por meio da tabela de roteamento da
vpn(vrf)
PE300B#sh ip route vrf vpncliente1 bgp
Routing Table: vpncliente1
< omitido >
172.30.0.0/24 is subnetted, 44 subnets
B 172.30.12.0 [200/0] via 201.10.216.223, 1d04h
B 172.30.18.0 [200/0] via 201.10.216.11, 1d00h
B 172.30.20.0 [200/0] via 201.10.216.19, 1w2d
172.30.18.0 --> Rede do cliente vpncliente1 no Site Remoto
201.10.216.11 --> Endereo do PE REMOTO
o Identificar o nome do PE_Remoto utilizando o comando
traceroute
PE300B#traceroute 201.10.216.11
Type escape sequence to abort.
Tracing the route to -L0-PEremoto300.(201.10.216.11)
1 G9-0-2-01(201.10.251.125) [MPLS: Label 224 Exp 0] 8 msec
G6-0-0-01(201.10.218.97) [MPLS: Label 224 Exp 0] 8 msec
G6-0-0--01.(201.10.250.53) [MPLS: Label 676 Exp 0] 8 msec
2 G4-0-0-300.(201.10.250.182) [MPLS: Label 2316 Exp 0] 16 msec

G2-2-300.(201.10.250.218) [MPLS: Label 2316 Exp 0] 8 msec


G4-0-3-300.(201.10.250.186) [MPLS: Label 2316 Exp 0] 8 msec
3 G12-0-0-PEremoto300.(201.10.217.70) 8 msec * 8 msec
PE300B#
PEremoto300 --> Nome do do PE REMOTO (201.10.216.11)

o Identificar o nome do PE_Remoto utilizando o Router


Refletor(RR)
A relao de NOME/ENDEREOS_IP pode estar no RR(Router
Refletor) para o caso existir a configurao no campo
DESCRIPTION para os neighbor(s) BGP.
PE-VPN01#sh run | i description
description CONEXAO_COM_PE-01_GE2/0/3
neighbor 201.10.208.16 description PE306
neighbor 201.10.208.17 description PE302
neighbor 201.10.208.20 description PE300
201.10.208.16 ---- >> Endereco Loopback (LSR_ID) utilizado
para MPLS_ID
PE306 ---- >> Nome do equipamento

o Verificar os Labels MPLS na Database BGP para um prefixo


da vpn
PE300B#sh ip bgp vpnv4 vrf vpncliente1 172.30.18.0
BGP routing table entry for 8167:10901:172.30.18.0/24, version
61736453
Paths: (2 available, best #2, table vpncliente1)
Not advertised to any peer
Local
201.10.216.11 (metric 51) from 201.10.224.8 (201.10.224.8)
Origin incomplete, metric 0, localpref 100, valid, internal
Extended Community: RT:8167:10901
Originator: 201.10.216.11, Cluster list: 0.0.0.14
mpls labels in/out nolabel/2240
Local
201.10.216.11 (metric 51) from 201.10.208.8 (201.10.208.8)
Origin incomplete, metric 0, localpref 100, valid, internal, best
Extended Community: RT:8167:10901
Originator: 201.10.216.11, Cluster list: 0.0.0.14
mpls labels in/out nolabel/2240

172.30.18.0 ---- > Rede do cliente no Site Remoto


201.10.216.11 ---- > Endereo IP (LoopbackO) do PE_Remoto
201.10.224.8 ---- > Endereo IP (LoopbackO) do Router Refletor
1 (RR1)
201.10.208.8 ---- > Endereo IP (LoopbackO) do Router Refletor
2 (RR2)
nolabel / 2240 ---- > Label In(entrada) / Label de out(Saida)

o Verificar os Labels MPLS na Tabela FIB(CEF) para prefixo


especifico
PE300B#sh ip cef vrf vpncliente1 172.30.18.0
172.30.18.0/24
nexthop 201.10.218.97 GigabitEthernet1/1 label 224 2240
nexthop 201.10.250.53 GigabitEthernet1/4 label 676 2240
nexthop 201.10.251.117 GigabitEthernet8/2 label 676 2240
nexthop 201.10.251.125 GigabitEthernet7/2 label 224 2240
PE300B#
224 ---- > Label Externo (conectividade PE_Local <>
PE_Remoto)
2240 ---- > Label Interno (VPN-vrf do cliente no Site Remoto)

o Verificar os Labels MPLS na Tabela LFIB(data forwarding


MPLS) para um prefixo
PE300B#sh mpls forwarding-table vrf vpncliente1 172.30.18.0
detail
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or VC or Tunnel Id Switched interface
None 2240 172.30.18.0/24[V] 0
Recursive paths, Label Stack{2240}
008C0000
VPN route: vpncliente1
No output feature configured
PE300B#

Outgoing Label (Label de Saida) tem tratamento diferenciado


conforme abaixo:
- Untagged Untag the incoming MPLS packet
- Aggregate Untag remove label e executa pesquisa na
FIB(roteamento ip)
- Pop Pops(Remove) o top label do pacote
- Null Zera o conteudo do top label (primeiros 20bits)
Label values 015 are reserved

o Verificar conectividade PE<>PE


PE300B#ping mpls ipv4 201.10.216.11/32 <<------- Conectividade
bsica entre os PEs
Sending 5, 100-byte MPLS Echos to 201.10.216.11/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC
mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label
entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
12/13/16 ms
PE300B#
PE300B#traceroute mpls ipv4 201.10.216.11/32 <<------- Rastrear
caminho de roteamento
Tracing MPLS Label Switched Path to 201.10.216.11/32, timeout
is 2 seconds
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC
mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label
entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,

'X' - unknown return code, 'x' - return code 0


Type escape sequence to abort.
0 201.10.251.118 MRU 1542 [Labels: 676 Exp: 0]
L 1 201.10.251.117 MRU 1542 [Labels: 2316 Exp: 0] 640 ms
L 2 201.10.250.214 MRU 1504 [Labels: implicit-null Exp: 0] 228
ms
! 3 201.10.217.70 16 ms <-------- PE REMOTO (interface
diretamente conectada do PE)
PE300B#
PE300B#traceroute vrf vpncliente1 ip 172.30.18.0 <<------Rastrear caminho de roteamento prefixo VPN
Type escape sequence to abort.
Tracing the route to 172.30.18.0
1 -G9-2-2--01.(201.10.251.117) [MPLS: Labels 676/2240 Exp 0]
528 msec
-G9-0-2-01.(201.10.251.125) [MPLS: Labels 224/2240 Exp 0] 612
msec
-G6-0-0--01.(201.10.218.97) [MPLS: Labels 224/2240 Exp 0] 596
msec
2 -G1-4-PEremoto303.(201.10.250.166) [MPLS: Labels 3341/2240
Exp 0] 684 msec
-G1-2-PEremoto303.(201.10.217.150) [MPLS: Labels 3341/2240
Exp 0] 684 msec
-G1-1-PEremoto303.(201.10.250.150) [MPLS: Labels 3341/2240
Exp 0] 712 msec
3 192.30.18.1 [MPLS: Label 2240 Exp 0] 52 msec 20 msec 288
msec
4 192.30.18.1 [MPLS: Label 2240 Exp 0] 12 msec 80 msec 284
msec
PE300B#

o Teste de conectividade PE_Remoto <==>CE_Remoto para o


prefixo VPN(vrf do cliente)
PEREMOTO300#sh ip bgp vpnv4 vrf vpncliente1 172.30.18.0
--->> Roteamento BGP para o prefixo VPN
BGP routing table entry for 8167:10901:172.30.18.0/24, version
3043677
Bestpath Modifiers: deterministic-med
Paths: (1 available, best #1, table vpncliente1)
Advertised to update-groups:
6

Local
192.30.18.2 (via vpncliente1) from 0.0.0.0 (201.10.216.11)
Origin incomplete, metric 0, localpref 100, weight 32768, valid,
sourced, best
Extended Community: RT:8167:10901
mpls labels in/out 2240/nolabel
PEREMOTO300#sh ip bgp vpnv4 vrf vpncliente1 labels | i
172.30.18.0 --->> Verificar Labels
172.30.18.0/24 192.30.18.2 2240/nolabel
PEREMOTO300#
PEREMOTO300#sh mpls ldp bindings vrf vpncliente1
172.30.18.0 24 --->> Verificar Labels LIB(Labels mpls)
TIB not enabled --- >>> Est correto. Para cliente VPN(vrf).
PEREMOTO300#sh mpls forwarding-table vrf vpncliente1
172.30.18.0 --->> Verificar LFIB(encaminhamento mpls)
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
2240 Untagged 172.30.18.0/24[V] 60275019 AT2/0/0.41478
point2point
PEREMOTO300#
2240/nolabel ----- >> verificar os Labels externo/interno
172.30.18.0/24[V] ---- >> Prefixos VPN(vrf) do Cliente

Utilizar os comandos abaixo para normalizar


INCONSISTNCIAS DE TABELAS verificadas por meio dos
comandos anteriores.
clear ip bgp * vpnv4 unicast in
renova as rotas (Route-Refresh) para todos os peers VPN MPBGP.
clear ip bgp vpnv4 unicast in
renova as rotas (Route-Refresh) para um peers MP-BGP
ESPECIFICO.
clear ip bgp * vrf < vrf >
inicializa (Clear) as sesses PE-CE eBGP para VRF

ESPECIFICA.
clear ip bgp * vrf in
renovar as rotas de entrada (Route-Refresh) em todos os CEs
para VRF ESPECIFICA.
clear ip bgp * vrf < vrf > out
renovar as rotas de sada (Route-Refresh) em todos os CEs para
VRF ESPECIFICA
clear ip bgp vrf < vrf > soft in|out
renovar as rotas de entrada/sada (Route-Refresh) em todos os
CEs para VRF ESPECIFICA SEM terminar a sesso
Tabela CEF(FIB) desabilitada;
Inconsistncias nas tabelas relacionadas de Roteamento/MPLS;
Causas:
Quebra de LSP(label switching path) entre os PEs;
Interfaces de sada dos PE travadas (bug ios);
Erro de parmetro na configurao VPN(VRF);
Informaes para TACACS Server
Anlise:
Verificar as modificaes de configurao executadas.
SYSLOG Server
Mensagens de logging anteriores ao CRASH/Reload/Reset
recebidos peloa Servidor de Logging.
sh logging
Mensagens de logging do equipamento.
show technical-support
Conjunto de informaes para analise tcnica.
show ip cef vrf <vrf>
exibe a tabela FIB(CEF) para VPN em uma vrf especifica
sh ip bgp vpnv4 all summary
exibe todas os peers MPBGP e CE pra VPN. Anlogo ao sh ip
bgp summary
sh ip bgp vpnv4 all
exibe todos os prefixos advertised/rcvd pelo router para VPN(vrf)
sh ip bgp vpnv4 vrf <vrf>
exibe os prefixos advertised/rcvd pelo router para VPN(vrf)
especifica
sh ip bgp vpnv4 vrf <vrf> labels
exibe os Labels para os prefixo da VPN em uma vrf especifica
RR(Route-Reflector)
Nota importante: RR no tem nenhuma informao sobre
VPN(vrf), segue alguns commandos para verificao do
Roteamento BGP.
sh ip bgp vpn all
exibir todas os prefixos para todas as VPN(vrf)
sh ip bgp vpn rd <RD>

exibir todas os prefixos VPNv4 para um RD especifico


sh ip bgp vpn rd <RD> label
exibir os Labels dos prefixos para VPNv4 especifica
ATENO - COMANDOS DEBUG USO AGRESSIVO DO
ROUTER
debug ip bgp vpnv4 unicast
depurar informaes detalhadas para rotas unicast Virtual
Private Network version 4 (VPNv4).
debug mpls lfib cef [acl]
depurar informaes detalhadas sobre Label (created, resolved,
and deactivated ) enquanto as rotas Cisco Express
Forwarding (CEF) so adicionadas, lateradas ou removidas
debug ip bgp vpnv4
depurar problemas relacionados com Label no BGP (muitas
informaes so recebidas)
debug mpls lfib cef [acl]
depurar inconsistncias de Label entre FIB/LFIB.
debug ip bgp vpnv4 import
depurar prefixos VPN que no so importados dentro da Tabela
VRF ble (muitas informaes so recebidas)
debug ip routing vrf <vrf> [acl]
depurar prefixos VPN que no so instalados dentro da tabela de
roteamento VRF.
ATENO - COMANDOS DEBUG USO AGRESSIVO DO
ROUTER
Workaround:

N.A.

Reviso:

28/04/2009

Anexos:

Nome

Troubleshooting
Aprovado ?

Sim

Data
28/04/2011
Expirao:
Tamanho

Data do
Envio