No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR Router Troubleshooting Guide

This Product Documentation provides guidance for maintaining AR Enterprise Router, covering common information collection and fault diagnostic commands, typical fault troubleshooting guide, and troubleshooting.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
BGP Private Network Traffic Is Interrupted

BGP Private Network Traffic Is Interrupted

Common Causes

This troubleshooting case describes how to clear the fault that BGP private network routes is interrupted when the BGP peer relationship is normal.

This fault is commonly caused by one of the following:

  • Routes are inactive because the next hops are unreachable.

  • Routes fail to be advertised or received because routing policies are incorrectly configured.

  • Private network routes fail to be advertised because the number of labels exceeds the upper limit.

  • Routes are inactive because they fail to be iterated to a tunnel.

  • Routes fail to be added to the VPN routing table because the configured import route-target (RT) and export RT do not match.

  • The received routes are dropped because there is an upper limit on the number of routes on the device.

Troubleshooting Flowchart

BGP private network traffic is interrupted after the BGP protocol is configured.

Figure 19-7 shows the troubleshooting flowchart.

Figure 19-7 Troubleshooting flowchart for interruption of BGP private network traffic

Troubleshooting Procedure

Context

NOTE:

Saving the results of each troubleshooting step is recommended. If you are unable to correct the fault, you will have a record of your actions to provide technical support personnel.

Procedure

  1. Check that next hops of routes are reachable.

    Run the display bgp vpnv4 vpn-instance vpn-instance-name routing-table ipv4-address [ mask | mask-length ] command on the PE that sends routes (that is, the local PE) to check whether the target route exists. ipv4-address specifies the prefix of the target route.

    • If the target route does not exist, check whether the route of a CE is advertised to the local PE.

    • If the target route exists, check whether it is active. The following is an example:

    Assume that the target route is a route to 1.1.1.1/32. The following command output shows that this route is active and selected. The original next hop and iterated next hop of this route are 3.3.3.3 and 20.1.1.2 respectively.

    <Huawei> display bgp vpnv4 vpn-instance vpna routing-table 1.1.1.1
    
     BGP local router ID : 20.1.1.2
     Local AS number : 100
     Paths:   1 available, 1 best, 1 select
     BGP routing table entry information of 1.1.1.1/32:
     From: 20.1.1.1 (1.1.1.1)
     Route Duration: 00h00m03s
     Relay IP Nexthop: 20.1.1.2
     Relay IP Out-Interface: GigabitEthernet1/0/0
     Original nexthop: 3.3.3.3
     Qos information : 0x0
     AS-path Nil, origin incomplete, MED 0, localpref 100, pref-val 0, valid, internal, best, select, active, pre 255
     Not advertised to any peer yet

    • If the target route is inactive, check whether there is a route to the original next hop in the IP routing table. If there is no route to the original next hop, the BGP route is not advertised because the next hop of the BGP route is unreachable. In this case, find out why there is no route to the original next hop (this fault is generally associated with IGP or static routes).

    • If the target route is active and selected but there is no information indicating that this route is sent to the remote PE, go to Step 2 to check the outbound policy applied to the local PE.

    Run the display bgp vpnv4 all routing-table network { mask | mask-length } command on the remote PE to check whether it has received the target route.

    • If the remote PE has received the target route, perform Step 1 again to check whether the next hop of the route is reachable and whether this route is selected.

    • If the remote PE has not received the target route, go to Step 2 to check the inbound policy of the remote PE.

  2. Check that routing policies are configured correctly.

    Run the display current-configuration configuration bgp command on the local PE and remote PE to check whether inbound and outbound policies are configured.

    NOTE:

    Only focus on peers of the BGP-VPNv4 address family or BGP-VPN instance address family in this troubleshooting case because private network traffic is interrupted.

    <Huawei> display current-configuration configuration bgp
    #
    bgp 100
     peer 1.1.1.1 as-number 200
     #
     ipv4-family unicast
      undo synchronization
      peer 1.1.1.1 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 1.1.1.1 enable
      peer 1.1.1.1 filter-policy acl-name acl-name import
      peer 1.1.1.1 filter-policy acl-name acl-name export
      peer 1.1.1.1 as-path-filter 1 import
      peer 1.1.1.1 as-path-filter 1 export
      peer 1.1.1.1 ip-prefix prefix-name import
      peer 1.1.1.1 ip-prefix prefix-name export
      peer 1.1.1.1 route-policy policy-name import
      peer 1.1.1.1 route-policy policy-name export
     #
     ipv4-family vpn-instance vpna
      peer 10.1.1.1 as-number 300
      peer 10.1.1.1 filter-policy acl-name acl-name import
      peer 10.1.1.1 filter-policy acl-name acl-name export
      peer 10.1.1.1 as-path-filter 1 import
      peer 10.1.1.1 as-path-filter 1 export
      peer 10.1.1.1 ip-prefix prefix-name import
      peer 10.1.1.1 ip-prefix prefix-name export
      peer 10.1.1.1 route-policy policy-name import
      peer 10.1.1.1 route-policy policy-name export
    #
    return

    • If inbound and outbound policies are configured on the two devices, check whether the target route fails to be transmitted because it is filtered by these policies. For detailed configurations of a routing policy, see the Huawei AR Series Access Routers Configuration Guide - IP Routing.

    • If inbound and outbound policies are not configured on the two devices, go to Step 3.

  3. Check that routes can be iterated to a tunnel.

    Run the display bgp vpnv4 all routing-table ipv4-address [ mask | mask-length ] command on the remote PE to check whether the target route can be iterated to a tunnel.

    Assume that the target route is a route to 50.1.1.2/32. If the Relay Tunnel Out-Interface field and Relay token field in the command output are not empty, it indicates that this route can be iterated to a tunnel.

    <Huawei> dis bgp vpnv4 all routing-table 50.1.1.2
    BGP local router ID : 2.2.2.2
     Local AS number : 100
     
     Total routes of Route Distinguisher(1:2): 1
     BGP routing table entry information of 50.1.1.2/32:
     Label information (Received/Applied): 13316/NULL
     From: 1.1.1.1 (1.1.1.1)
     Route Duration: 00h00m08s
     Relay IP Nexthop: 20.1.1.1
     Relay IP Out-Interface: GigabitEthernet1/0/0
     Relay Tunnel Out-Interface: GigabitEthernet1/0/0
     Relay token: 0x1002
     Original nexthop: 1.1.1.1
     Qos information : 0x0
     Ext-Community:RT <1 : 1>
     AS-path Nil, origin incomplete, MED 0, localpref 100, pref-val 0, valid, internal, best, select, pre 255     
     Not advertised to any peer yet
     
     Total routes of vpn-instance vpna: 1
     BGP routing table entry information of 50.1.1.2/32:
     Label information (Received/Applied): 13316/NULL
     From: 1.1.1.1 (1.1.1.1)
     Route Duration: 00h00m07s
     Relay Tunnel Out-Interface: GigabitEthernet1/0/0
     Relay token: 0x1002
     Original nexthop: 1.1.1.1
     Qos information : 0x0
     Ext-Community:RT <1 : 1>
     AS-path Nil, origin incomplete, MED 0, localpref 100, pref-val 0, valid, internal, best, select, active, pre 255
     Not advertised to any peer yet

    • If the target route fails to be iterated to a tunnel, run the display ip vpn-instance verbose [ vpn-instance-name ] command to check the Tunnel Policy field. If this field is not displayed, it indicates that the VPN instance selects an LDP LSP or no tunnel policy is configured for the VPN instance.

      If the tunnel between both ends is not Up, refer to the session LDP LSP Goes Down to locate the fault and ensure that the tunnel goes Up.

    • If the target route can be iterated to a tunnel, go to Step 4.

  4. Check whether routes fail to be added to the VPN routing table because the configured import RT and export RT do not match.

    Run the display current-configuration configuration vpn-instance command on the local PE and remote PE to check whether routes fail to be added to the VPN routing table of the remote PE after being sent to the remote PE because the export RT of the local VPN instance does not match the import RT of the remote VPN instance.

    export-extcommunity indicates an export RT, and import-extcommunity indicates an import RT.

    <Huawei> display current-configuration configuration vpn-instance
    #
    ip vpn-instance vpna
     route-distinguisher 1:1
     apply-label per-instance
     vpn-target 1:1 export-extcommunity
     vpn-target 1:1 import-extcommunity
    ip vpn-instance vpnb
     route-distinguisher 1:2
     vpn-target 1:1 export-extcommunity
     vpn-target 1:1 import-extcommunity
    #
    return
    • If the export RT of the local VPN instance does not match the import RT of the remote VPN instance, configure matching VPN-targets in the VPN instance.

    • If the export RT of the local VPN instance matches the import RT of the remote VPN instance, go to Step 5.

  5. Check that the number of labels is below the upper limit.

    Check whether MPLS is enabled on the local PE. Run the display bgp vpnv4 all routing-table ipv4-address [ mask | mask-length ] command to check whether the target route is assigned a VPN label.

    If there is no Label information field in the command output, the number of labels may have reached the upper limit. As a result, the target route is not assigned a label and is not advertised to the peer.

    <Huawei> display bgp vpnv4 all routing-table 100.1.1.1
    
     BGP local router ID : 10.1.1.2
     Local AS number : 100
     
     Total routes of Route Distinguisher(1:1): 1
     BGP routing table entry information of 100.1.1.0/24:
     Imported route.
     Label information (Received/Applied): NULL/13312
     
     
    From: 0.0.0.0 (0.0.0.0)
     Route Duration: 00h21m24s
     Direct Out-interface: NULL0
     Original nexthop: 0.0.0.0
     Qos information : 0x0
     Ext-Community:RT <1 : 1>
     AS-path Nil, origin incomplete, MED 0, pref-val 0, valid, local, best, select, pre 255
     Advertised to such 1 peers:
        1.1.1.1
     
     Total routes of vpn-instance vpna: 1
     BGP routing table entry information of 100.1.1.0/24:
     Imported route.
     From: 0.0.0.0 (0.0.0.0)
     Route Duration: 00h21m24s
     Direct Out-interface: NULL0
     Original nexthop: 0.0.0.0
     Qos information : 0x0
     AS-path Nil, origin incomplete, MED 0, pref-val 0, valid, local, best, select, pre 60
     Not advertised to any peer yet
    
    • If the number of labels has reached the upper limit, run the apply-label per-instance command in the VPN instance view to configure the device to assign one label to each instance to reduce label usage. Route summarization can also be configured to reduce the number of routes.

    • If the number of labels is below the upper limit, go to Step 6.

  6. Check that the number of routes is below the upper limit.

    If the peer is added to a peer group, run the display current-configuration configuration bgp | include peer destination-address command or the display current-configuration configuration bgp | include peer group-name command on the remote PE to check whether the upper limit on the number of routes to be received is configured on the remote PE.

    For example, if the upper limit is set to 5, subsequent routes are dropped and a log is recorded after the remote PE receives five routes from the local PE at 1.1.1.1.

    <Huawei> display current-configuration configuration bgp | include peer 1.1.1.1
     peer 1.1.1.1 as-number 100
     peer 1.1.1.1 route-limit 5 alert-only
      peer 1.1.1.1 enable

    If the peer is added to a peer group, there may be no configurations about the upper limit in the command output.

    <Huawei> display current-configuration configuration bgp | include peer 1.1.1.1
     peer 1.1.1.1 as-number 100
     peer 1.1.1.1 group IBGP
      peer 1.1.1.1 enable
      peer 1.1.1.1 group IBGP

    In this case, run the display current-configuration configuration bgp | include peer group-name command to check configuration of this peer group.

    <Huawei> display current-configuration configuration bgp | include peer IBGP
     peer IBGP route-limit 5 alert-only
      peer IBGP enable

    If the log BGP/4/ROUTPRIX_EXCEED is generated when traffic is interrupted, the target route is dropped because the number of routes received has exceeded the upper limit. In this case, increase the upper limit.

    NOTE:

    Changing the upper limit on the number of routes to be received from a peer interrupts the BGP peer relationship. Therefore, reducing the number of sent routes by configuring route summarization on the local device is recommended.

  7. Please contact technical support personnel and provide them with the following information.

    • Results of the preceding troubleshooting procedure
    • Configuration files, log files, and alarm files of the devices

Translation
Download
Updated: 2019-08-09

Document ID: EDOC1000079719

Views: 495181

Downloads: 4533

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next