Friday, June 17, 2011

MPLS Layer 3 VPN Troubleshooting - My Personal Approach

While I am going for my Second CCIE R&S Lab attempt soon, I thought before leaving I must post my MPLS TS Strategy in general despite of fact I will get in my TS lab or not :

Ofcourse people who wanna know what went wrong with First attempt, here is the summary :  http://ieoc.com/forums/t/15436.aspx

Below are the summary steps:

Step 1

=======

CEF is running on MPLS enabled routers

sh ip cef


Step 2
======

loopback advertised into IGP on CE, Also Check IGP configuration like "no auto summary" and "redistribution seed metric, "autonomous system number in EIGRP VRF Configuration".

sh ip int b | e una

sh run | s r [eor]

Step 3
======

Check if VRF is created and applied to proper interface

sh run | s vrf

sh ip vrf detail

sh run int

Check if CE routes are coming to PE

sh ip route vrf


Step 4
======

Check for VRF route target import and export

sh run | s vrf

Step 5
======

Check if LDP is running all over, mpls ip is configured on MPLS facing interfaces.

sh mpls interface

sh mpls ldp neighbor

Step 6
======

Check for MP-BGP and IGP redistribution,

sh run | s r b

sh run | s r [reo]

Check for redistribute metric, For OSPF look for "match internal external 1 external 2" , For eigrp "redistribution metric" should be mentioned.

Step 7
======

Check for MPBGP Config on all routers, look for things like RR config, neighbor activate, send community extended or both, no synchronization, no auto summary, remote as, update source loopback 0

sh run | s r b

sh ip bgp vpnv4 all summ

sh ip bgp vpnv4 all

Step 8
======

Check for Control plane issues on all routers like:

1. ACL

sh access-list

2. CoPP

sh policy-map control-plane

3. Distribute List, Offset-List

sh run | i distribute offset

4. Route-map

sh route-map

5. Rate Limit

sh run | i rate

6. Next Hop and Route Recursion Issues

7. IGP Timers and Password mistmatch issues

8. PBR

sh run | i policy


HTH...
Deepak Arora