No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR Router Troubleshooting Guide

This Product Documentation provides guidance for maintaining AR Enterprise Router, covering common information collection and fault diagnostic commands, typical fault troubleshooting guide, and troubleshooting.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
VPN Users Cannot Communicate

VPN Users Cannot Communicate

Common Causes

This fault is commonly caused by one of the following:

  • No reachable route exists between user hosts and CEs.

  • CEs do not advertise routing information to directly connected PEs.

  • The local PE does not advertise private network routes to the remote PE.

Troubleshooting Flowchart

Figure 25-4 shows the troubleshooting flowchart.

Figure 25-4 Troubleshooting flowchart for interruption of BGP private network traffic

Troubleshooting Procedure

Procedure

  1. Check that reachable routes exist between CEs.

    On the local CE, ping the remote CE.

    • If the ping succeeds, a reachable route exists between the two CEs. The fault might have occurred on the link between a VPN user host and CE, but not on the link between CEs. Check whether the VPN user host and CE are reachable. If the user host and CE are unreachable, a route is required. If the user host and CE are reachable but cannot ping each other, contact technical support personnel.

    • If the ping fails, run the display ip routing-table command on the local CE to check whether the route to the remote CE exists in the local routing table. Run the display ip routing-table command on the remote CE to check whether a route to the local CE exists. If neither CE has a route to each other or only one CE has a route to the other, a routing failure occurs between the CEs. Go to step 2.

  2. Check routes to the network segments between the CEs.

    There are three network segments between the CEs:

    • Network segment from the local CE to local PE

    • Network segment from the local PE to remote PE

    • Network segment from the remote PE to remote CE

    To rectify the routing failure between the local CE and local PE, and between the remote PE and remote CE, go to step 3. To rectify the routing failure between the local PE and remote PE, go to step 4.

  3. Check that the local and remote CEs have advertised routing information to directly connected PEs.

    Run the display ip routing-table vpn-instance vpn-instance-name command on the PEs to check whether their VPN routing tables contain the routing entries advertised from directly connected CEs.

    • If the CEs do not advertise routing information to directly connected PEs, modify routing configurations of the CEs and PEs.
    • If the CEs advertise routing information to directly connected PEs, go to step 4.
  4. Check that the local PE has advertised private network routes on the remote PE.

    • Run the display ip routing-table vpn-instance vpn-instance-name command on the remote PE to check whether there are routes to the local CE in the VPN routing table.
    • If routes to the local CE exist, run the display ip routing-table vpn-instance vpn-instance-name command on the local PE. If routes to the remote CE also exist, reachable routes exist between the PEs.

    • If no route to the local CE is displayed in the VPN routing table on the remote PE, run the display bgp vpnv4 all peer command to check whether the BGP VPNv4 peer relationship is established between the PEs.

    • If the BGP VPNv4 peer relationship is established between the PEs, check whether VPN targets of the two PEs match. The export VPN target of the local PE must be the same as the import VPN target of the remote PE, and the import VPN target of the local PE must be the same as the export VPN target of the remote PE. If not, modify the configurations to match.

    • If the BGP VPNv4 peer relationship is not established between the PEs, run the display bgp peer command to check the public network BGP peers of the PEs. To rectify the BGP routing failure between PEs, see IP routing troubleshooting.

  5. Collect the following information and contact technical support personnel.

    • Results of the preceding troubleshooting procedure
    • Configuration files, log files, and alarm files of the device

Translation
Download
Updated: 2019-08-09

Document ID: EDOC1000079719

Views: 492491

Downloads: 4523

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next