Some Single-Point MPLS VPN Services Are Interrupted

Publication Date:  2015-06-09 Views:  210 Downloads:  0
Issue Description
In the following figure, the AR2240 is the access router (JR), the NE20E-X6 is the aggregation router (HJ), and Cisco device is the core device (HX). HX1 and HX2 are BGP VPNv4 RRs, and all HJs and JRs have BGP and MPLS enabled.

The video VPN service from JR1 to HX1 cannot be forwarded. On some JRs, MPLS VPN services cannot be forwarded and routes on the core side are unreachable. Such problems do not exist on HJs.



Version information:
AR2240: V200R003C01SPC900
NE20E-X6: NE20E-X6 Version V600R003C00SPCa00B10u
Handling Process
1. Run the display ip routing-table vpn-instance video command to check the routing table of the VPN instance IPv4 address family. There is no route of 172.24.11.248/29.

172.24.11.8/29   IBGP    255  0          RD   18.14.8.2       GigabitEthernet0/0/1 172.24.11.16/29  IBGP    255  0          RD   18.14.8.1       GigabitEthernet0/0/1
172.24.11.24/29  IBGP    255  0          RD   18.14.8.3       GigabitEthernet0/0/1
172.24.11.32/29  IBGP    255  0          RD   18.14.8.4       GigabitEthernet0/0/1
172.24.11.40/29  IBGP    255  0          RD   18.14.8.5       GigabitEthernet0/0/1
172.24.11.80/29  Direct   0    0           D    172.24.11.86    Vlanif3
172.24.11.86/32  Direct   0    0           D    127.0.0.1        Vlanif3
172.24.11.87/32  Direct   0    0           D    127.0.0.1       Vlanif3
172.24.11.88/29   IBGP    255  0          RD   18.14.9.2       GigabitEthernet0/0/1
172.24.11.96/29   IBGP    255  0          RD   18.14.9.3       GigabitEthernet0/0/1
172.24.11.112/29  IBGP    255  0          RD   18.14.9.5       GigabitEthernet0/0/1
172.24.11.120/29  IBGP    255  0          RD   18.14.9.6       GigabitEthernet0/0/1
172.24.11.128/29  IBGP    255  0          RD   18.14.9.7       GigabitEthernet0/0/1
172.24.11.136/29  IBGP    255  0          RD   18.14.9.8       GigabitEthernet0/0/1
172.24.11.144/29  IBGP    255  0          RD   18.14.9.9       GigabitEthernet0/0/1
172.24.11.152/29  IBGP    255  0          RD   18.14.9.10      GigabitEthernet0/0/1
172.24.12.0/29    IBGP    255  0          RD   18.14.4.7       GigabitEthernet0/0/1

2. Run the display bgp vpnv4 vpn-instance video routing-table | include 172.24.11 command to check BGP routes of the specified VPN instance. There is the route of 172.24.11.248/29, but the route is not the optimal one.

BGP Local router ID is 172.16.42.98

Status codes: * - valid, > - best, d - damped,

               h - history,  i - internal, s - suppressed, S - Stale
            Origin : i - IGP, e - EGP, ? - incomplete

VPN-Instance video, Router ID 172.16.42.98:

Total Number of Routes: 1262

      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn

   i  172.24.11.0/29     172.16.41.10               100        0      i
*>i  172.24.11.8/29     18.14.8.2       0          100        0      ?
*>i  172.24.11.16/29    18.14.8.1       0          100        0      ?
*>i  172.24.11.24/29    18.14.8.3       0          100        0      ?
*>i  172.24.11.32/29    18.14.8.4       0          100        0      ?
*>i  172.24.11.40/29    18.14.8.5       0          100        0      ?
*>   172.24.11.80/29    0.0.0.0         0                     0      ?
*>   172.24.11.86/32    0.0.0.0         0                     0      ?
*>i  172.24.11.88/29    18.14.9.2       0          100        0      ?
*>i  172.24.11.96/29    18.14.9.3       0          100        0      ?
*>i  172.24.11.112/29   18.14.9.5       0          100        0      ?
*>i  172.24.11.120/29   18.14.9.6       0          100        0      ?
*>i  172.24.11.128/29   18.14.9.7       0          100        0      ?
*>i  172.24.11.136/29   18.14.9.8       0          100        0      ?
*>i  172.24.11.144/29   18.14.9.9       0          100        0      ?
*>i  172.24.11.152/29   18.14.9.10      0          100        0      ?
i  172.24.11.248/29   172.16.40.5                100        0      ?

3. Run the display mpls lsp command to check LSP setup. There is no label of 172.24.11.248/29 on JR1, but the label of 172.24.11.248/29 exists on JR2 and HJs.

4. Run the display mpls lsp statistics command on JR1 and JR2 to check the number of LSPs in Up state. There are about 3000 MPLS LSPs and many LSPs triggered by 32-bit host routes.

Through communication with the customer, the network is just one network of a county. There are about 20 similar networks and about 200 JRs in one OSPF area.

The number of labels may exceed the limit, so JR2 cannot allocate labels. Through confirmation, a JR allows 2000 labels.

5. Use the following solutions to solve the problem:
  • Upgrade the device version to increase the label table size on JRs.
  • Enable label filtering on JR2. JR2 then allocates labels to the required tunnels only.
mpls
lsp-trigger ip-prefix test
#
mpls ldp
propagate mapping for ip-prefix test
#
ip ip-prefix test index 10 permit 172.24.0.0 16 greater-equal 16 less-equal 32   //The host and service network segment needs to be configured.
ip ip-prefix test index 10 permit x.x.x.x 32  //LDP peer LSR ID
  • Optimize the network plan, use flattened networking to reduce the routing table size on endpoints.
Root Cause
Primary cause: The customer network plan is improper.

 In a single area, there are too many OSPF routers and routing entries. Many host routes that are not used for tunnel setup wastes labels. After the fault is rectified, we find that Huawei requires no more than 50 tunnels. There is no hierarchical deployment. It is recommended that IS-IS be deployed at the core layer and OSPF at the access layer and different areas be assigned for different counties. You can configure the stub area or NSSA to reduce the number of routing entries in a single area.

 The MPLS VPN plan is not proper. There is no CE. The services that should be transmitted on the CE are all transmitted on the PE. According to the root cause and label capacity, the load of the PE is too heavy.

Secondary cause: The label capacity of the AR2240 is not enough.
Suggestions
The network plan should be proper. Use hierarchical deployment and reduce the number of routing entries in a single area. When deploying MPLS VPN, notice the load of the PE and check whether the label specifications are exceeded.

END