Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Resolution Guide - MX - VPLS Troubleshooting (Control Plane) - VPLS Connection not listed or down

0

0

Article ID: KB25025 KB Last Updated: 03 Aug 2012Version: 4.0
Summary:

This article provides a detailed step-by-step procedure to troubleshoot generic Virtual Private LAN Service (VPLS) Control Plane issues.


Note: The scope of this article is limited to BGP signaled VPLS setup as described in RFC4761.  If your scenario is not addressed here, also refer to the KB25099 - VPLS Resources for Junos devices



Symptoms:

Goal:

To troubleshoot VPLS connection setup related issues

Symptoms:

  1. VPLS connection not listed
  2. VPLS connection is not UP


If the VPLS connection is UP, and you are having trouble with traffic passing, then refer to KB24986 - Resolution Guide - MX - VPLS Troubleshooting (Forwarding Plane) - VPLS connection is up but not passing data.


Cause:
 
Solution:

Topology used for this guide:


Perform the following steps:

Note:  While these troubleshooting steps can be applied for all the code versions and for all the platforms, this troubleshooting guide is written primarily keeping MX platform in mind.

For the flowchart version of these steps, click the flowchart icon:

Step 1. Run the command ‘show vpls connections’, and observe the list of connections. 

user@PE2# run show vpls connections    
Layer-2 VPN connections:

Legend for connection status (St)   
EI -- encapsulation invalid      NC -- interface encapsulation not CCC/TCC/VPLS
EM -- encapsulation mismatch     WE -- interface and instance encaps not same
VC-Dn -- Virtual circuit down    NP -- interface hardware not present 
CM -- control-word mismatch      -> -- only outbound connection is up
CN -- circuit not provisioned    <- -- only inbound connection is up
OR -- out of range               Up -- operational
OL -- no outgoing label          Dn -- down                      
LD -- local site signaled down   CF -- call admission control failure      
RD -- remote site signaled down  SC -- local and remote site ID collision
LN -- local site not designated  LM -- local site ID not minimum designated
RN -- remote site not designated RM -- remote site ID not minimum designated
XX -- unknown connection status  IL -- no incoming label
MM -- MTU mismatch               MI -- Mesh-Group ID not available
BK -- Backup connection          ST -- Standby connection
PF -- Profile parse failure      PB -- Profile busy
RS -- remote site standby        SN -- Static Neighbor
VM -- VLAN ID mismatch

Legend for interface status 
Up -- operational           
Dn -- down

Instance: vpls
  Local site: CE2 (20)
    connection-site           Type  St     Time last up          # Up trans
    10                        rmt   Up     Apr 10 14:05:52 2012           1  <-------
      Remote PE: 1.1.1.1, Negotiated control-word: No
      Incoming label: 800025, Outgoing label: 800035
      Local interface: vt-1/2/10.1051905, Status: Up, Encapsulation: VPLS
        Description: Intf - vpls vpls local site 20 remote site 10

The above example command output was taken on router PE2. The connection to site 10 is listed, but the connection to site 30 is NOT listed. For more information on the command show vpls connections, refer to http://www.juniper.net/techpubs/en_US/junos12.1/topics/reference/command-summary/show-vpls-connections.html


Is the VPLS connection listed for the remote site in question?



Step 2.  The first logical point of troubleshooting is to check if there are issues in the core with IGP and iBGP.

Use the following commands to verify IGP and iBGP:

IGP: Use 'show route <egress_PE_prefix> extensive', specifying the loopback IP of the other end egress PE router from which you are not seeing the VPLS connection listed in Step 1.

For example, if PE2 can’t get to PE3, run the following command:

PE2> show route 3.3.3.3 extensive

If the route is not in the local PE routing table, and is the primary route, ping the route to verify the connectivity. If not pingable, troubleshoot IGP.

IBGP: Use 'show bgp neighbor <PE_neighbor_address>', specifying the other end PE router. Make sure the status of the BGP neighbor relationship is ESTABLISHED; if not then troubleshoot issues with iBGP. For more information on the command output, refer to http://www.juniper.net/techpubs/en_US/junos12.1/topics/reference/command-summary/show-bgp-neighbor.html.

Note: If there are any issues with LSP's in the core, the connection will be listed in the output shown in Step 1 but it will not be in the Up state; in this case, refer to KB25097 - Troubleshoot VPLS connection status flags when VPLS connection is down.

Is the VPLS connection listed after verifying IGP and iBGP?



Step 3. Verify that all the PE routers belonging to the VPLS instance are advertising the correct BGP NLRI updates (VPLS signaling routes).

Run the command 'show route advertising-protocol bgp <PE_neighbor> table R_I.l2vpn.0 extensive' on all the affected PE routers of the VPLS network.

Working Example:
In the command output taken on PE3, we see that PE3 is correctly announcing VPLS signaling information to the PE2 peer (2.2.2.2).

PE3# run show route advertising-protocol bgp 2.2.2.2 table vpls.l2vpn.0 extensive

vpls.l2vpn.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
* 3.3.3.3:6:20:9/96 (1 entry, 1 announced)
BGP group ibgp type Internal
Route Distinguisher: 3.3.3.3:6
Label-base: 800016, range: 8
Nexthop: Self
Flags: Nexthop Change
Localpref: 100
AS path: [100] I
Communities: target:100:1 Layer2-info: encaps:VPLS, control flags:, mtu: 0, site preference: 100

* 3.3.3.3:6:20:17/96 (1 entry, 1 announced)
BGP group ibgp type Internal
Route Distinguisher: 3.3.3.3:6
Label-base: 800000, range: 8
Nexthop: Self
Flags: Nexthop Change
Localpref: 100
AS path: [100] I
Communities: target:100:1 Layer2-info: encaps:VPLS, control flags:, mtu: 0, site preference: 100

After analyzing the above command output on the affected routers, are the PE routers advertising the correct BGP NLRIs (VPLS signaling routes)? 

  • Yes - Continue to Step 4
  • No - Check the following:
    • Verify configuration on the interested routers. Check if the correct vrf target is set; vrf target should be same on all the PE routers involved in the VPLS signaling for any particular instance.
    • Check if the correct signaling is configured for VPLS under protocol bgp and is under the intended bgp neighbor/group.
    • Check configuration to see if the same AS site ID is configured on both ends. If so, this is incorrect; they must be different.
    After performing the checks, if the interested PE routers are sending the VPLS route information to every other PE router and still the VPLS connection is not listed, then continue to Step 4.


Step 4. Verify that all the PE routers belonging to VPLS instance are receiving the correct BGP NLRI updates (VPLS signaling routes).

Run the command 'show route receive-protocol bgp <PE_neighbor> table R_I.l2vpn.0 extensive' on all the affected PE routers to verify if it is receiving signaling routes from all the PE’s. You can also verify if all the intended VPLS routes are in the local PE routing table by looking in to 'show bgp summary'.

Working example output:
In the command output taken on PE2, we see that PE2 is receiving correct VPLS signaling information from PE3 (3.3.3.3).

PE2# run show route receive-protocol bgp 3.3.3.3 table vpls.l2vpn.0 extensive

vpls.l2vpn.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
* 3.3.3.3:6:20:9/96 (1 entry, 1 announced)
Import Accepted
Route Distinguisher: 3.3.3.3:6
Label-base: 800008, range: 8
Nexthop: 3.3.3.3
Localpref: 100
AS path: I
Communities: target:100:1 Layer2-info: encaps:VPLS, control flags:, mtu: 0, site preference: 25600

* 3.3.3.3:6:20:17/96 (1 entry, 1 announced)
Import Accepted
Route Distinguisher: 3.3.3.3:6
Label-base: 800000, range: 8
Nexthop: 3.3.3.3
Localpref: 100
AS path: I
Communities: target:100:1 Layer2-info: encaps:VPLS, control flags:, mtu: 0, site preference: 25600

If the PE routers are not receiving VPLS signaling routes, verify if any of the routes are hidden on the receiving PE. There are various reasons for routes to be hidden, the common being:

  1. The received routes have a protocol next-hop value which is not reachable.
  2. There is an import policy on the local PE rejecting the received routes. 
Verify these by using 'show route table R_I.l2vpn.0 hidden extensive'.

In the example output below taken on PE3, there was an import policy which did not pass this route and hence the route is hidden.

PE3# run show route table vpls.l2vpn.0 hidden extensive 

vpls.l2vpn.0: 4 destinations, 4 routes (2 active, 0 holddown, 2 hidden)
2.2.2.2:5:10:9/96 (1 entry, 0 announced)
BGP /-101
Route Distinguisher: 2.2.2.2:5
Next hop type: Indirect
Address: 0x2a248f8
Next-hop reference count: 4
Source: 2.2.2.2
Protocol next hop: 2.2.2.2
Indirect next hop: 2 no-forward
State: <Secondary Hidden Int Ext>
Local AS: 100 Peer AS: 100
Age: 10 Metric2: 1
Task: BGP_100.2.2.2.2+179
AS path: I
Communities: target:100:1 Layer2-info: encaps:VPLS, control flags:, mtu: 0, site preference: 25600
Import <<<<<< import policy didn't pass on this route and hence hidden
Label-base: 800000, range: 8
Localpref: 100
Router ID: 2.2.2.2
Primary Routing Table bgp.l2vpn.0
Indirect next hops: 1
Protocol next hop: 2.2.2.2 Metric: 1
Indirect next hop: 2 no-forward
Indirect path forwarding next hops: 1
Next hop type: Router
Next hop: 20.20.20.1 via ge-1/0/1.0 weight 0x1
2.2.2.2/32 Originating RIB: inet.3
Metric: 1 Node path count: 1
Forwarding nexthops: 1
Nexthop: 20.20.20.1 via ge-1/0/1.0


Is the VPLS connection listed after verifying that the interested PE routers are receiving
 VPLS route information from every other PE router? 


Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search