由于IGP路由路径不对导致NE40E无法生成公网LSP

发布时间:  2008-05-13 浏览次数:  105 下载次数:  1
问题描述
某局点两台NE40E作为PE分别和两台NE5000E互联,NE5000E为RR。 
四台设备同时位于一个OSPF area内。
故障为:PE1可以收到RR1反射路由 vpnv4,但是无法写入VPN实例路由表。
  NE5000E(RR1)-----NE5000E(RR2)
                 |                           |
                 |                           |
         NE40E(PE1)------NE40E(PE2)
                                

1、<NE40E>display bgp vpnv4 all routing-table                                                                               
 Total number of routes from all PE: 2                                          
 Route Distinguisher: 65036:21632                                               
                                                                                
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn   
                                                                                
 *>i  10.150.10.0/29     60.214.156.153  0          100        0      ?         
 * i  10.150.10.0/29     60.214.156.153  0          100        0      ?        /// 
                                                                                
 Total routes of vpn-instance cnc_signal: 4                                     
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn   
                                                                                
   i  10.150.10.0/29     60.214.156.153  0          100        0      ?         
   i                     60.214.156.153  0          100        0      ?         
 *>   10.150.10.8/29     0.0.0.0         0                     0      ?         
 *>   10.150.10.10/32    0.0.0.0         0                     0      ?     
可以看到MBGP路由表中可以学到。    
2、<NE40E>display ip routing-table vpn-instance cnc_signal                  //vpn实例中无法看到相关路由
Route Flags: R - relay, D - download to fib                                     
------------------------------------------------------------------------------  
Routing Tables: cnc_signal                                                      
         Destinations : 4        Routes : 4                                     
                                                                                
Destination/Mask    Proto  Pre  Cost     Flags NextHop         Interface        
                                                                                
    10.150.10.8/29  Direct 0    0           D  10.150.10.10    GigabitEthernet1/
0/4.2800                                                                        
   10.150.10.10/32  Direct 0    0           D  127.0.0.1       InLoopBack0      
   10.150.10.15/32  Direct 0    0           D  127.0.0.1       InLoopBack0      
255.255.255.255/32  Direct 0    0           D  127.0.0.1       InLoopBack0  
3、私网路由迭代的公网出口为null0
<zz_331_NE40E>display ip routing-table vpn-instance cnc_signal 10.150.10.0 29 ve
rbose                                                                                                                                                         
Destination: 10.150.10.0/29                                                     
     Protocol: BGP             Process ID: 0                                    
   Preference: 255                   Cost: 0                                    
      NextHop: 60.214.156.153   Neighbour: 221.1.252.132                        
        State: Inactive Adv WaitQ     Age: 00h03m27s                            
          Tag: 0                 Priority: 0                                    
        Label: 109568             QoSInfo: 0x0                                  
 RelayNextHop: 0.0.0.0          Interface: NULL0  ///公网迭代出口为null0                                 
     TunnelID: 0x0                  Flags: R          
                                                                                
Destination: 10.150.10.0/29                                                     
     Protocol: BGP             Process ID: 0                                    
   Preference: 255                   Cost: 0                                    
      NextHop: 60.214.156.153   Neighbour: 221.1.252.130                        
        State: Inactive Adv WaitQ     Age: 00h03m27s                            
          Tag: 0                 Priority: 0                                    
        Label: 109568             QoSInfo: 0x0                                  
 RelayNextHop: 0.0.0.0          Interface: NULL0                                
     TunnelID: 0x0                  Flags: R  
处理过程
1、由于MBGP路由表可以学到对端PE的路由,说明MBGP邻居关系正常,进一步确认私网标签分发正常,接下来排查中主要可以考虑公网LSP的生成以及私网路由的迭代情况。
2、查看私网路由的详细信息
  发现私网路由迭代的公网出口为null0(具体见故障信息),说明私网路由没有正确的公网迭代出口,这样可以说是无效的私网路由,自然不会写入vpn实例的路由表。                                 
3、查看公网LDP会话正常,两台P之间的LDP会话可以建立。
<NE40E>dis mpls ldp session          
 221.1.252.130:0    Operational DU   Passive  000:05:41   1366/1366             
 221.1.252.132:0    Operational DU   Passive  000:05:41   1366/1366                  
4、查看公网LSP的标签分发情况,发现PE和P设备之间虽然可以建立LDP会话,但是却不能分配标签。
<NE40E>display mpls ldp lsp  221.1.252.130 32                     
 ------------------------------------------------------------------------------ 
 SN     DestAddress/Mask   In/OutLabel   Next-Hop        In/Out-Interface       
 ------------------------------------------------------------------------------ 
*1      221.1.252.130/32   Liberal                                              
*2      221.1.252.130/32   Liberal 
5、查看P设备loopback地址的IGP路由信息
<NE40E>display ip routing-table 221.1.252.130                                                                                         
Destination/Mask    Proto  Pre  Cost     Flags NextHop         Interface                                                                                      
  221.1.252.130/32  OSPF   10   61          D  60.214.159.153  GigabitEthernet2/0/2
可以看到P(RR1)设备的32 位loopback路由信息是从另外一台NE40E设备 PE2学习过来,而不是P设备学习过来,而两台NE40E之间没有启用LDP邻居关系。
6、检查组网中设备的IGP配置以及发布,发现5000E(RR1)侧没有在与PE1互联的接口上正确启用ospf,更正IGP路由配置,即可以达到更正学习路径的目的。
<NE40E>display ip routing-table 221.1.252.130                                                                                        
Destination/Mask    Proto  Pre  Cost     Flags NextHop         Interface        
 221.1.252.130/32  OSPF   10   61          D  60.214.159.165  GigabitEthernet2/0/3
更正后路由信息从PE与P设备互联接口学习到。
7、此时查看LDP分发情况以及私网路由的出口迭代情况恢复正常。
<NE40E>display ip routing-table vpn-instance cnc_signal  10.150.10.0 29  v                                                                                                              Destination: 10.150.10.0/29                                                     
     Protocol: BGP             Process ID: 0                                    
   Preference: 255                   Cost: 0                                    
      NextHop: 60.214.156.153   Neighbour: 221.1.252.130                        
        State: Active Adv GotQ        Age: 00h07m17s                            
          Tag: 0                 Priority: 0                                    
        Label: 109568             QoSInfo: 0x0                                  
 RelayNextHop: 0.0.0.0          Interface: GigabitEthernet2/0/3  //正确的公网LSP迭代出口                
     TunnelID: 0x8080A1             Flags: RD                                                            
<NE40E>display mpls ldp lsp  221.1.252.130 32 
 1      221.1.252.130/32   NULL/3        60.214.159.165  -------/GE2/0/3    //公网标签分配正常    
 2      221.1.252.130/32   1044/3        60.214.159.165  GE1/0/7/GE2/0/3        
*3      221.1.252.130/32   Liberal
8、此时查看vpn instance的路由表,可以看到相关联的私网路由。
根因

路由来源不正确导致无法分配标签形成LSP

解决方案
因为故障时两台NE40E之间配置了一个互联链路,RR1的loopback地址从另外一台NE40E学习过来的,不是从NE5000E直接学过来,所以虽然可以建立LDP LSP会话,不过没办法触发公网标签分配。
(两台NE40E之间没有配置LDP,如果配置了LDP,也可以完成公网标签分配以及生成vpn实例路由)
更正IGP路由配配置后解决。
建议与总结
NE40E以及NE80E等产品,私网路由的写入依赖于公网的LSP是否正常。而公网标签的分配以及LSP的生成需要注意IGP路由的学习路径是否可以触发标签。

END