No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Commissioning Guide

This is NE40E V800R010C10SPC500 Commissioning Guide
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Commissioning BGP/MPLS IP VPN

Commissioning BGP/MPLS IP VPN

This section describes how to commission BGP/MPLS IP VPN.

Prerequisites

The following configurations are complete and the device is running normally:

Context

On the network shown in Figure 6-9, BGP/MPLS IP VPN is configured on the network.

Figure 6-9 Typical networking for commissioning BGP/MPLS IP VPN

Procedure

  1. Run the display ip vpn-instance verbose command on the commissioning device to check that VPN instance configurations are correct.

    <HUAWEI> display ip vpn-instance verbose
     Total VPN-Instances configured : 2
    
     VPN-Instance Name and ID : vpnb, 1
      Interfaces : GigabitEthernet6/0/6
                   GigabitEthernet6/0/6.1
     Address family ipv4
      Create date : 2011/05/21 14:43:32
      Up time : 1 days, 23 hours, 44 minutes and 04 seconds
      Route Distinguisher : 152:100
      Export VPN Targets : 100:100
      Import VPN Targets : 100:100
      Label Policy : label per route
      The diffserv-mode Information is : pipe af1 red
      Tunnel Policy : tp
    
     VPN-Instance Name and ID : vpna, 3
      Interfaces : GigabitEthernet1/0/0
     Address family ipv4
      Create date : 2011/05/23 12:13:21
      Up time : 0 days, 02 hours, 14 minutes and 15 seconds
      Route Distinguisher : 100:1
      Export VPN Targets : 111:1
      Import VPN Targets : 111:1
      Label Policy : label per route
    
    

  2. Run the display bgp peer command on the commissioning device to view BGP peer information.

    <HUAWEI> display bgp vpnv4 all peer
    
     BGP local router ID : 172.16.4.152
     Local AS number : 100
     Total number of peers : 2                 Peers in established state : 2
    
      Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  Pr
    efRcv
      2.2.2.2         4         100      146      145     0 02:17:24 Established
        4
    
      Peer of IPv4-family for vpn instance :
    
      VPN-Instance vpnb, router ID 172.16.4.152:
      Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  Pr
    efRcv
      10.1.1.1       4       65410      127      129     0 02:01:47 Established
        4
    

    Check the number of BGP peers and the number of configured VPN instances are correct. The command output in bold shows that the BGP peer relationship is in the Established state, indicating that a BGP peer relationship has been successfully established between PEs.

  3. Run the display bgp vpnv4 routing-table command on the commissioning device to view BGP VPNv4 routing information.

    <HUAWEI> display bgp vpnv4 all routing-table peer 2.2.2.2 advertised-routes 
    
     BGP Local router ID is 172.16.4.152
     Status codes: * - valid, > - best, d - damped,
                   h - history,  i - internal, s - suppressed, S - Stale
                   Origin : i - IGP, e - EGP, ? - incomplete
    
    
     Total Number of Routes: 4
     Route Distinguisher: 100:1
    
    
          Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
    
     *>   10.1.1.0/24       0.0.0.0         0                     0      ?
     *>   192.168.1.0/24     10.1.1.1       0                     0      65410?
     *>   160.160.160.160/32 10.1.1.1       0                     0      65410?
     *>   172.16.0.0         10.1.1.1       0                     0      65410?
    
    <HUAWEI> display bgp vpnv4 all routing-table peer 2.2.2.2 received-routes  
    
     BGP Local router ID is 172.16.4.152
     Status codes: * - valid, > - best, d - damped,
                   h - history,  i - internal, s - suppressed, S - Stale
                   Origin : i - IGP, e - EGP, ? - incomplete
    
    
     Total Number of Routes: 4
     Route Distinguisher: 200:1
    
    
          Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
    
     *>i  10.1.5.0/24        2.2.2.2         0          100        0      65420?
     *>i  10.1.2.0/24       2.2.2.2         0          100        0      ?
     *>i  122.122.122.122/32 2.2.2.2         0          100        0      65420?
     *>i  172.16.0.0         2.2.2.2         0          100        0      65420?
    
    

    Check that the sent and received BGP routes are correct. First check whether or not the routes sent by the PE are correct, meaning whether or not some necessary routes are not sent but some unnecessary routes are sent. Then do the same for the routes received from the peer PE.

  4. Run the display ip routing-table vpn-instance command on the commissioning device to view the routing table of the VPN instance.

    <HUAWEI> display ip routing-table vpn-instance vpna
    Route Flags: R - relay, D - download for forwarding
    ------------------------------------------------------------------------------
    Routing Table : vpna
             Destinations : 9        Routes : 9
    
    Destination/Mask    Proto  Pre  Cost        Flags NextHop         Interface
    
           10.1.5.0/24  BGP    255  0             RD 2.2.2.2         LDP LSP
          10.1.1.0/24  Direct 0    0             D  10.1.1.2       GigabitEthernet1/0/0
          10.1.1.2/32  Direct 0    0             D  10.0.0.1       GigabitEthernet1/0/0
        10.1.1.255/32  Direct 0    0             D  10.0.0.1       GigabitEthernet1/0/0
          10.1.2.0/24  BGP    255  0             RD 2.2.2.2         LDP LSP
    122.122.122.122/32  BGP    255  0             RD 2.2.2.2         LDP LSP
        192.168.1.0/24  BGP    255  0             RD 10.1.1.1       GigabitEthernet1/0/0
    160.160.160.160/32  BGP    255  0             RD 10.1.1.1       GigabitEthernet1/0/0
         172.16.0.0/16  BGP    255  0             RD 10.1.1.1       GigabitEthernet1/0/0
    

    The command output shows whether or not the received BGP routes are injected into the routing table of the VPN instance. If BGP routes are received but are not injected into the routing table of the VPN instance, the probable cause is that the public network tunnel is not established, or the routes are filtered by a routing policy.

  5. Run the ping command on CE1 to test the connectivity of the link between CE1 and CE2.

    <HUAWEI> ping 10.1.2.2
      PING 10.1.2.2: 56  data bytes, press CTRL_C to break
        Reply from 10.1.2.1: bytes=56 Sequence=1 ttl=255 time=7 ms
        Reply from 10.1.2.1: bytes=56 Sequence=2 ttl=255 time=1 ms
        Reply from 10.1.2.1: bytes=56 Sequence=3 ttl=255 time=1 ms
        Reply from 10.1.2.1: bytes=56 Sequence=4 ttl=255 time=1 ms
        Reply from 10.1.2.1: bytes=56 Sequence=5 ttl=255 time=1 ms
    
      --- 10.1.2.2 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 1/2/7 ms                                 
    

    The preceding command output shows that two CEs in the same VPN can communicate with each other.

Troubleshooting

If BGP traffic in the VPN is interrupted, complete the following:

  1. Check that next hops of routes are reachable.

    Run the display bgp vpnv4 vpn-instance vpn-instance-name routing-table ipv4-address [ mask | mask-length ] command on the PE that sends routes (the local PE) to check that the target route exists. ipv4-address specifies the prefix of the target route.

    • If the target route does not exist, check whether or not the route of a CE is advertised to the local PE.

    • If the target route exists, check that it is active. The following is an example:

    Assume that the target route is a route to 1.1.1.1/32. The following command output shows that this route is active and selected. The original next hop and iterated next hop of this route are 3.3.3.3 and 20.1.1.2 respectively.

    <HUAWEI> display bgp vpnv4 vpn-instance vpna routing-table 1.1.1.1
    
     BGP local router ID : 172.16.4.152
     Local AS number : 100
    
     VPN-Instance vpna, router ID 172.16.4.152:
     Paths:   1 available, 1 best, 1 select
     BGP routing table entry information of 1.1.1.1/32:
     Imported route.
     Label information (Received/Applied): NULL/34
     From: 172.18.1.1 (1.1.1.1)
     Route Duration: 0d02h07m04s
     Direct Out-interface: GigabitEthernet2/0/0
     Original nexthop: 3.3.3.3
     Qos information : 0x0
     AS-path Nil, origin incomplete, MED 0, pref-val 0, valid, local, best, select,
    pre 0
     Not advertised to any peer yet
    
    
    • If the target route is inactive, check whether or not there is a route to the original next hop in the IP routing table. If there is none, it indicates that the BGP route is not advertised because its next hop is unreachable. Then, find out why there is no route to the original next hop (this fault is generally associated with IGP or static routes).

    • If the target route is valid and best but there is no information indicating that this route is sent to the remote PE, perform Step 2 to check the outbound policy applied to the local PE.

    • Run the display bgp vpnv4 all routing-table ipv4-address { mask | mask-length } command on the remote PE to check that it has received the target route.

      • If the remote PE has received the target route, perform Step 1 again to check whether the next hop of the route is reachable and if this route is selected.

      • If the remote PE has not received the target route, perform Step 2 to check the inbound policy applied to the remote PE.

  2. Check that the routing policies are configured correctly.

    Run the display current-configuration configuration bgp command on the local PE and remote PE to check that inbound and outbound policies are configured.

    NOTE:

    You only need to focus on peers of the BGP-VPNv4 address family or BGP-VPN instance address family when private network traffic is interrupted.

    <HUAWEI> display current-configuration configuration bgp
    #
    bgp 100
     peer 1.1.1.1 as-number 200
     #
     ipv4-family unicast
      undo synchronization
      peer 1.1.1.1 enable
     #
     ipv6-family unicast
      undo synchronization
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 1.1.1.1 enable
      peer 1.1.1.1 filter-policy acl-name acl-name import
      peer 1.1.1.1 filter-policy acl-name acl-name export
      peer 1.1.1.1 as-path-filter 1 import
      peer 1.1.1.1 as-path-filter 1 export
      peer 1.1.1.1 ip-prefix prefix-name import
      peer 1.1.1.1 ip-prefix prefix-name export
      peer 1.1.1.1 route-policy policy-name import
      peer 1.1.1.1 route-policy policy-name export
     #
     ipv4-family vpn-instance vpna
      peer 10.1.1.1 as-number 300
      peer 10.1.1.1 filter-policy acl-name acl-name import
      peer 10.1.1.1 filter-policy acl-name acl-name export
      peer 10.1.1.1 as-path-filter 1 import
      peer 10.1.1.1 as-path-filter 1 export
      peer 10.1.1.1 ip-prefix prefix-name import
      peer 10.1.1.1 ip-prefix prefix-name export
      peer 10.1.1.1 route-policy policy-name import
      peer 10.1.1.1 route-policy policy-name export
    #
    return
    • If inbound and outbound policies are configured on the two devices, you need to check whether or not the target route is filtered by these policies. For detailed configurations of a routing policy, see the HUAWEI NetEngine40E Universal Service Router Configuration Guide - IP Routing.

    • If inbound and outbound policies are not configured on the two ends, go to Step 3.

  3. Check that routes can be iterated to a tunnel.

    Run the display bgp vpnv4 all routing-table ipv4-address [ mask | mask-length ] command on the remote PE to check whether the target route can be iterated to a tunnel.

    Assume that the target route is a route to 10.1.5.2/32. If the Relay Tunnel Name field in the command output are not empty, it indicates that this route can be iterated to a tunnel.

    <HUAWEI> dis bgp vpnv4 all routing-table 10.1.5.2
    BGP local router ID : 2.2.2.2
     Local AS number : 100
     
     Total routes of Route Distinguisher(1:2): 1
     BGP routing table entry information of 10.1.5.2/32:
     Label information (Received/Applied): 13316/NULL
     From: 1.1.1.1 (1.1.1.1)
     Route Duration: 00h00m08s
     Relay IP Nexthop: 172.18.1.1
     Relay IP Out-Interface: GigabitEthernet2/0/0
     Relay Tunnel Name: ldp
     Original nexthop: 1.1.1.1
     Qos information : 0x0
     Ext-Community:RT <1 : 1>
     AS-path Nil, origin incomplete, MED 0, localpref 100, pref-val 0, valid, internal, best, select, pre 255     
     Not advertised to any peer yet
     
     Total routes of vpn-instance vpna: 1
     BGP routing table entry information of 10.1.5.2/32:
     Label information (Received/Applied): 13316/NULL
     From: 1.1.1.1 (1.1.1.1)
     Route Duration: 00h00m07s
     Relay Tunnel Name: ldp
     Original nexthop: 1.1.1.1
     Qos information : 0x0
     Ext-Community:RT <1 : 1>
     AS-path Nil, origin incomplete, MED 0, localpref 100, pref-val 0, valid, internal, best, select, active, pre 255
     Not advertised to any peer yet
    • If the target route fails to be iterated to a tunnel, check whether the associated tunnel exists or whether the tunnel configurations are correct. For details, see the HUAWEI NetEngine40E Troubleshooting - MPLS.

    • If the target route can be iterated to a tunnel, go to Step 4.

  4. Check whether or not routes fail to be added to the VPN routing table because the configured import RT and export RT do not match.

    Run the display current-configuration configuration vpn-instance command on the local PE and remote PE to check if routes fail to be added to the VPN routing table of the remote PE after being sent to the remote PE because the export RT of the local VPN instance does not match the import RT of the remote VPN instance.

    export-extcommunity indicates an export RT, and import-extcommunity indicates an import RT.

    <HUAWEI> display current-configuration configuration vpn-instance
    #
    ip vpn-instance vpna
     route-distinguisher 1:1
     apply-label per-instance
     vpn-target 1:1 export-extcommunity vpn-target 1:1 import-extcommunity
    ip vpn-instance vpnb
     route-distinguisher 1:2
     vpn-target 1:1 export-extcommunity
     vpn-target 1:1 import-extcommunity
    #
    return
    • If the export RT of the local VPN instance does not match the import RT of the remote VPN instance, configure matching VPN-targets in the VPN instance.

    • If the export RT of the local VPN instance matches the import RT of the remote VPN instance, go to Step 5.

  5. Check that the number of labels does not exceed the limit.

    Check that MPLS is enabled on the local PE. Then, run the display bgp vpnv4 all routing-table ipv4-address [ mask | mask-length ] command to check whether or not the target route has been assigned a VPN label.

    If there is no Label information field in the command output, it indicates that labels may be insufficient. As a result, the target route is not assigned a label and is not advertised to the peer.

    <HUAWEI> display bgp vpnv4 all routing-table 10.0.0.0
     
     BGP local router ID : 1.1.1.1
     Local AS number : 10.1
     
     Total routes of Route Distinguisher(10.1:4): 1
     BGP routing table entry information of 10.0.0.0/30:
     Label information (Received/Applied): 259794/NULL
     From: 2.2.7.2 (2.2.2.2)  
     Route Duration: 0d00h01m35s
     Relay IP Nexthop: 14.0.0.2
     Relay IP Out-interface: GigabitEthernet1/0/3
     Relay Tunnel Name: LDP LSP
     Original nexthop: 4.4.0.4
     Qos information : 0x0            
     Community: <7:7>
     Ext-Community: RT <7 : 7>
     AS-path 200.1 55, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255
     Originator: 4.4.4.4
     Cluster list: 2.2.2.2, 3.3.3.3
     Not advertised to any peer yet
        
     VPN-Instance vpnv4-te-a, router ID 1.1.1.1:
    
     Total Number of Routes: 1 
     BGP routing table entry information of 10.0.0.0/30:
     Label information (Received/Applied): 259794/NULL
     From: 2.2.7.2 (2.2.2.2)  
     Route Duration: 0d00h01m40s
     Relay Tunnel Name: Tunnel14
     Original nexthop: 4.4.0.4
     Qos information : 0x0            
     Community: <7:7>
     Ext-Community: RT <7 : 7>
     AS-path 200.1 55, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255
     Originator: 4.4.4.4
     Cluster list: 2.2.2.2, 3.3.3.3
     Advertised to such 1 peers:
        11.0.1.10
    
    • If labels are insufficient, run the apply-label per-instance command in the VPN instance view to configure the device to assign a label to each instance to save labels. You can also configure route summarization to reduce the number of routes.

    • If labels are sufficient, go to Step 6.

  6. Check that the number of routes does not exceed the limit.

    Run the display current-configuration configuration bgp | include peer destination-address command and the display current-configuration configuration bgp | include peer group-name command (if the peer is added to a peer group) on the remote PE to check whether or not the limit on the number of routes to be received is configured on the remote PE.

    For example, if the upper limit is set to 5, subsequent routes are dropped and a log is recorded after the remote PE receives five routes from the local PE at 1.1.1.1.

    <HUAWEI> display current-configuration configuration bgp | include peer 1.1.1.1
     peer 1.1.1.1 as-number 100
     peer 1.1.1.1 route-limit 5 alert-only
      peer 1.1.1.1 enable

    If the peer is added to a peer group, there may be no configurations about the route limit in the command output.

    <HUAWEI> display current-configuration configuration bgp | include peer 1.1.1.1
     peer 1.1.1.1 as-number 100
     peer 1.1.1.1 group IBGP
      peer 1.1.1.1 enable
      peer 1.1.1.1 group IBGP

    In this case, you need to run the display current-configuration configuration bgp | include peer group-name command to check configurations of this peer group.

    <HUAWEI> display current-configuration configuration bgp | include peer IBGP
     peer IBGP route-limit 5 alert-only
      peer IBGP enable

    If the log BGP/3/ROUTPRIX_EXCEED is generated when traffic is interrupted, the target route is dropped because the route limit has been exceeded, and the limit needs to be increased.

    NOTE:

    Changing the upper limit on the number of routes to be received from a peer interrupts the BGP peer relationship. Therefore, it is recommended to reduce the number of sent routes by configuring route summarization on the local device.

  7. Collect the following information and contact Huawei technical support personnel.

    • Results of the preceding operation procedure
    • Configuration files, log files, and alarm files of the devices
Translation
Download
Updated: 2019-01-02

Document ID: EDOC1100055014

Views: 4841

Downloads: 63

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next