No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

LDP Peer Relationship Fails to Be Established Because of Inconsistent MD5 Configurations

Publication Date:  2013-09-03 Views:  32 Downloads:  0
Issue Description
As shown in the topology provided in the attachment, radio links are used for transmission between PEs on a ring network. During the upgrade, microwave devices restart and the corresponding radio links are disconnected. Each PE is connected to a neighboring PE through two radio links. The microwave device upgrade is implemented one by one. During the upgrade, only one microwave device restarts at a time. In normal cases, when microwave devices restart, one radio link is available between PEs. The IS-IS peer relationship with the neighboring PE is Up, the BGP VPNv4 peer relationship is Established, the LSP exists, and VPN services are not interrupted. When the microwave device between TH-P and JD is upgraded and restarts, JD and WH fail to be managed by the NMS and services on NodeB devices connected to PEs using L3VPN are interrupted. After the microwave device restarts, network management and services on NodeB devices are recovered.
Routers fail to be managed by the NMS.
Handling Process

1.     Check logs on WH and SE-02. No connected interface is Down. Microwave devices between WH and SE-02 are not upgraded and the transmission links are normal.

2.     On WH and SE-02, run the display isis peer command. The command output shows that the IS-IS peer relationship is Up.

3.     On WH, run the display mpls ldp session command. The command output shows that the status of the peer SE-02 (10.195.0.157) is NonExistent.

<RAN-Dam:WH-NE40E-01> display mpls ldp session
 LDP Session(s) in Public Network
 Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
 A '*' before a session means the session is being deleted.
 ------------------------------------------------------------------------------
 PeerID             Status      LAM  SsnRole  SsnAge      KASent/Rcv
 ------------------------------------------------------------------------------
 10.195.0.55:0      Operational DU   Passive  0005:06:53  30456/30455
 10.195.0.157:0     NonExistent      Passive              0/0                               
------------------------------------------------------------------------------
 TOTAL: 2 session(s) Found.

4.     Check the reason of the failure to establish the LDP peer relationship. Interfaces connecting WH and SE-02 are enabled with basic MPLS functions and MPLS LDP.

5.     On WH, run the display current-configuration configuration mpls-ldp command. The peers SE-01 (10.195.0.51) and JD (10.195.0.55) are configured with MD5 authentication.

<RAN-Dam:WH-NE40E-01> display cur conf mpls-ldp
#
mpls ldp
 graceful-restart
 md5-password cipher 10.195.0.51 "Z<C,$aa+%'XR)EYSXDN=!!!                  
 md5-password cipher 10.195.0.55 "Z<C,$aa+%'XR)EYSXDN=!!!                 
#

6.     On SE-02, run the display current-configuration configuration mpls-ldp command. The peers SE-01 (10.195.0.51) and WH (10.195.0.53) are configured with MD5 authentication. However, the peer of WH in MD5 authentication is not the local end SE-02 (10.195.0.157). LDP MD5 authentication configurations on the two peers are different, leading to a failure to establish the LDP peer relationship.

<RAN-Dam:SE-NE40E-02>disp current-configuration configuration mpls-ldp
#
mpls ldp
 graceful-restart
 md5-password cipher 10.195.0.51 "Z<C,$aa+%'XR)EYSXDN=!!!

 md5-password cipher 10.195.0.53 "Z<C,$aa+%'XR)EYSXDN=!!!
#
 
JD and WH have BGP VPNv4 peer relationships with other PEs. MPLS LDP peer authentication between WH and SE-02 fails and the LDP peer relationship fails to be established. No LSP is generated. During VPN route learning, LSP tunnels cannot be iterated and no route is added to the routing table in the VPN instance. The peers fail to learn VPN routes, and VPN services cannot be forwarded.
Root Cause
LDP MD5 authentication is configured differently on WH and SE-02, leading to a failure to establish the LDP peer relationship.
Solution

When a PE is added on the ring network (for example, RTB is added between RTA and RTC), the LDP MD5 authentication configuration is not changed to the LSR ID of the directly connected PE. MD5 authentication configurations on the two peers are different, leading to a failure to establish the LDP peer relationship. Change MD5 authentication to the same on the two ends. The problem is solved.

Check MPLS LDP peer authentication configurations on all devices. This problem is discovered on multiple PEs. Change the configurations. In the subsequent upgrade of other microwave devices, the problem does not occur. In addition, the risk of interrupted services due to radio link faults is eliminated.
Suggestions

During microwave device restart, the link between JD and TH-P is interrupted, JD and WH cannot be managed by the NMS, and services on NodeB are interrupted. The physical link between WH and SE-02 may be faulty or a network protocol cannot work properly. The possible causes are as follows:

The connected interface or transmission link between WH and SE-02 is faulty. As a result, the connected interface is not Up.

The IS-IS neighbor relationship between WH and SE-02 is not Up and the IGP route is unreachable. As a result, the LDP peer and BGP VPNV4 peer relationships fail to be set up.

MPLS or MPLS LDP is not enabled on the connected interface of WH or SE-02. As a result, the LDP peer relationship fails to be set up.

MD5 authentication configuration of WH or SE-02 is incorrect. As a result, the LDP peer relationship fails to be set up.

END