Using MPLS to Diagnose LSPs, VPNs, and Layer 2 Circuits
MPLS Connection Checking Overview
Use either the J-Web ping MPLS diagnostic tool or the CLI commands ping mpls, ping mpls l2circuit, ping mpls l2vpn, and ping mpls l3vpn to diagnose the state of label-switched
paths (LSPs), Layer 2 and Layer 3 virtual private networks
(VPNs), and Layer 2 circuits.
Based on how the LSP or VPN outbound (egress) node at the remote endpoint of the connection replies to the probes, you can determine the connectivity of the LSP or VPN.
Each probe is an echo request sent to the LSP or VPN exit point as an MPLS packet with a UDP payload. If the outbound node receives the echo request, it checks the contents of the probe and returns a value in the UDP payload of the response packet. If the device receives the response packet, it reports a successful ping response.
Responses that take longer than 2 seconds are identified as failed probes.
Table 1 summarizes
the options for using either the J-Web ping MPLS diagnostic tool or
the CLI ping mpls command to display information about
MPLS connections in VPNs and LSPs.
J-Web Ping MPLS Tool |
ping mpls Command |
Purpose |
Additional Information |
|---|---|---|---|
Ping RSVP-signaled LSP |
|
Checks the operability of an LSP that has been set up by the Resource Reservation Protocol (RSVP). The device pings a particular LSP using the configured LSP name. |
When an RSVP-signaled LSP has several paths, the device sends the ping requests on the path that is currently active. |
Ping LDP-signaled LSP |
|
Checks the operability of an LSP that has been set up by the Label Distribution Protocol (LDP). The device pings a particular LSP using the forwarding equivalence class (FEC) prefix and length. |
When an LDP-signaled LSP has several gateways, the device sends the ping requests through the first gateway. Ping requests sent to LDP-signaled LSPs use only the master routing instance. |
Ping LSP to Layer 3 VPN prefix |
|
Checks the operability of the connections related to a Layer 3 VPN. The device tests whether a prefix is present in a provider edge (PE) device’s VPN routing and forwarding (VRF) table, by means of a Layer 3 VPN destination prefix. |
The device does not test the connection between a PE device and a customer edge (CE) router. |
Locate LSP using interface name |
|
Checks the operability of the connections related to a Layer 2 VPN. The device directs outgoing request probes out the specified interface. |
– |
Instance to which this connection belongs |
|
Checks the operability of the connections related to a Layer 2 VPN. The device pings on a combination of the Layer 2 VPN routing instance name, the local site identifier, and the remote site identifier, to test the integrity of the Layer 2 VPN circuit (specified by the identifiers) between the inbound and outbound PE routers. |
– |
Locate LSP from interface name |
|
Checks the operability of the Layer 2 circuit connections. The device directs outgoing request probes out the specified interface. |
– |
Locate LSP from virtual circuit information |
|
Checks the operability of the Layer 2 circuit connections. The device pings on a combination of the IPv4 prefix and the virtual circuit identifier on the outbound PE router, testing the integrity of the Layer 2 circuit between the inbound and outbound PE routers. |
– |
Ping end point of LSP |
|
Checks the operability of an LSP endpoint. The device pings an LSP endpoint using either an LDP FEC prefix or an RSVP LSP endpoint address. |
– |
Understanding Ping MPLS
Before using the ping MPLS feature, make sure
that the receiving interface on the VPN or LSP remote endpoint has
MPLS enabled, and that the loopback interface on the outbound node
is configured as 127.0.0.1. The source address for MPLS
probes must be a valid address on the J Series device.
This section includes the following topics:
MPLS Enabled
To process ping MPLS requests, the remote endpoint of the VPN or LSP must be configured appropriately. You must enable MPLS on the receiving interface of the outbound node for the VPN or LSP. If MPLS is not enabled, the remote endpoint drops the incoming request packets and returns an “ICMP host unreachable” message to the J Series device.
Loopback Address
The loopback address (lo0) on the outbound node must
be configured as 127.0.0.1. If this interface address is
not configured correctly, the outbound node does not have this forwarding
entry. It drops the incoming request packets and returns a “host
unreachable” message to the J Series device.
Source Address for Probes
The source IP address you specify for a set of probes must be an address configured on one of the J Series device interfaces. If it is not a valid J Series device address, the ping request fails with the error message “Can't assign requested address.”
Using the ping Command
You can perform certain tasks only through the CLI. Use the
CLI ping command to verify that a host can be reached over
the network. This command is useful for diagnosing host and network
connectivity problems. The device sends a series of ICMP echo (ping)
requests to a specified host and receives ICMP echo responses.
Enter the ping command with the following syntax:
user@host> ping host <interface source-interface> <bypass-routing> <count number> <do-not-fragment> <inet | inet6> <interval seconds> <loose-source [hosts]> <no-resolve> <pattern string> <rapid> <record-route> <routing-instance routing-instance-name> <size bytes> <source source-address> <strict> <strict-source [hosts]> <tos number> <ttl number> <wait seconds> <detail> <verbose>
Table 2 describes the ping command options.
To quit the ping command, press Ctrl-C.
Option |
Description |
|---|---|
|
Pings the hostname or IP address you specify. |
|
(Optional) Sends the ping requests on the interface you specify. If you do not include this option, ping requests are sent on all interfaces. |
|
(Optional) Bypasses the routing tables and sends the ping requests only to hosts on directly attached interfaces. If the host is not on a directly attached interface, an error message is returned. Use this option to ping a local system through an interface that has no route through it. |
|
(Optional) Limits the number of ping requests
to send. Specify a count from |
|
(Optional) Sets the Don't Fragment (DF) bit in the IP header of the ping request packet. |
|
(Optional) Forces the ping requests to an IPv4 destination. |
|
(Optional) Forces the ping requests to an IPv6 destination. |
|
(Optional) Sets the interval between ping
requests, in seconds. Specify an interval from |
|
(Optional) For IPv4, sets the loose source routing option in the IP header of the ping request packet. |
|
(Optional) Suppresses the display of the hostnames of the hops along the path. |
|
(Optional) Includes the hexadecimal string you specify, in the ping request packet. |
|
(Optional) Sends ping requests rapidly. The
results are reported in a single message, not in individual messages
for each ping request. By default, five ping requests are sent before
the results are reported. To change the number of requests, include
the |
|
(Optional) For IPv4, sets the record route option in the IP header of the ping request packet. The path of the ping request packet is recorded within the packet and displayed on the screen. |
|
(Optional) Uses the routing instance you specify for the ping request. |
|
(Optional) Sets the size of the ping request
packet. Specify a size from |
|
(Optional) Uses the source address that you specify, in the ping request packet. |
|
(Optional) For IPv4, sets the strict source routing option in the IP header of the ping request packet. |
|
(Optional) For IPv4, sets the strict source routing option in the IP header of the ping request packet, and uses the list of hosts you specify for routing the packet. |
|
(Optional) Sets the type-of-service (TOS)
value in the IP header of the ping request packet. Specify a value
from |
|
(Optional) Sets the time-to-live (TTL) value
for the ping request packet. Specify a value from |
|
(Optional) Sets the maximum time to wait after
sending the last ping request packet. If you do not specify this option,
the default delay is |
|
(Optional) Displays the interface on which the ping response was received. |
|
(Optional) Displays detailed output. |
The following is sample output from a ping command:
user@host> ping host3 count 4
PING host3.site.net (176.26.232.111): 56 data bytes 64 bytes from 176.26.232.111: icmp_seq=0 ttl=122 time=0.661 ms 64 bytes from 176.26.232.111: icmp_seq=1 ttl=122 time=0.619 ms 64 bytes from 176.26.232.111: icmp_seq=2 ttl=122 time=0.621 ms 64 bytes from 176.26.232.111: icmp_seq=3 ttl=122 time=0.634 ms --- host3.site.net ping statistics --- 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.619/0.634/0.661/0.017 ms
The fields in the display are the same as those displayed by the J-Web ping host diagnostic tool.
Pinging Layer 2 Circuits
Enter the ping mpls l2circuit command with the following
syntax:
user@host> ping mpls l2circuit (interface interface-name | virtual-circuit neighbor prefix-name virtual-circuit-id) <exp forwarding-class> <count number> <source source-address> <detail>
Table 3 describes
the ping mpls l2circuit command options.
Option |
Description |
|---|---|
|
Sends ping requests out the specified interface configured for the Layer 2 circuit on the outbound PE device. |
|
Pings on a combination of the IPv4 prefix and the virtual circuit identifier on the outbound PE device, testing the integrity of the Layer 2 circuit between the inbound and outbound PE devices. |
|
(Optional) Specifies the value of the forwarding class to be used in the MPLS ping packets. |
|
(Optional) Limits the number of ping requests
to send. Specify a count from |
|
(Optional) Uses the source address that you specify, in the ping request packet. |
|
(Optional) Displays detailed output about the echo requests sent and received. Detailed output includes the MPLS labels used for each request and the return codes for each request. |
To quit the ping mpls l2circuit command, press Ctrl-C.
The following is sample output from a ping mpls l2circuit command:
user@host> ping mpls l2circuit interface fe-1/0/0.0
Request for seq 1, to interface 69, labels <100000, 100208> Reply for seq 1, return code: Egress-ok, time: 0.439 ms
The fields in the display are the same as those displayed by the J-Web ping MPLS diagnostic tool.
Pinging Layer 2 VPNs
Enter the ping mpls l2vpn command with the following
syntax:
user@host> ping mpls l2vpn interface interface-name | instance l2vpn-instance-name local-site-id local-site-id-number remote-site-id remote-site-id-number <bottom-label-ttl> <exp forwarding-class> <count number> <source source-address> <detail>
Table 4 describes
the ping mpls l2vpn command options.
Option |
Description |
|---|---|
|
Sends ping requests out the specified interface configured for the Layer 2 VPN on the outbound (egress) PE device. |
|
Pings on a combination of the Layer 2 VPN routing instance name, the local site identifier, and the remote site identifier, testing the integrity of the Layer 2 VPN circuit (specified by the identifiers) between the inbound (ingress) and outbound PE devices. |
|
(Optional) Displays the time-to-live (TTL) value for the bottom label in the MPLS label stack. |
|
(Optional) Specifies the value of the forwarding class to be used in the MPLS ping packets. |
|
(Optional) Limits the number of ping requests
to send. Specify a count from |
|
(Optional) Uses the source address that you specify, in the ping request packet. |
|
(Optional) Displays detailed output about the echo requests sent and received. Detailed output includes the MPLS labels used for each request and the return codes for each request. |
To quit the ping mpls l2vpn command, press Ctrl-C.
The following is sample output from a ping mpls l2vpn command:
user@host> ping mpls l2vpn instance vpn1 remote-site-id 1 local-site-id 2 detail
Request for seq 1, to interface 68, labels <800001, 100176> Reply for seq 1, return code: Egress-ok Request for seq 2, to interface 68, labels <800001, 100176> Reply for seq 2, return code: Egress-ok Request for seq 3, to interface 68, labels <800001, 100176> Reply for seq 3, return code: Egress-ok Request for seq 4, to interface 68, labels <800001, 100176> Reply for seq 4, return code: Egress-ok Request for seq 5, to interface 68, labels <800001, 100176> Reply for seq 5, return code: Egress-ok --- lsping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss
The fields in the display are the same as those displayed by the J-Web ping MPLS diagnostic tool.
Pinging Layer 3 VPNs
Enter the ping mpls l3vpn command with the following
syntax:
user@host> ping mpls l3vpn prefix prefix-name <l3vpn-name> <bottom-label-ttl> <exp forwarding-class> <count number> <source source-address> <detail>
Table 5 describes
the ping mpls l3vpn command options.
Option |
Description |
|---|---|
|
Pings the remote host specified by the prefix to verify that the prefix is present in the PE device's VPN routing and forwarding (VRF) table. This option does not test the connectivity between a PE device and a CE device. |
|
(Optional) Layer 3 VPN name. |
|
(Optional) Displays the time-to-live (TTL) value for the bottom label in the MPLS label stack. |
|
(Optional) Specifies the value of the forwarding class to be used in the MPLS ping packets. |
|
(Optional) Limits the number of ping requests
to send. Specify a count from |
|
(Optional) Uses the source address that you specify, in the ping request packet. |
|
(Optional) Displays detailed output about the echo requests sent and received. Detailed output includes the MPLS labels used for each request and the return codes for each request. |
To quit the ping mpls l3vpn command, press Ctrl-C.
The following is sample output from a ping mpls l3vpn command:
user@host> ping mpls l3vpn vpn1 prefix 10.255.245.122/32
!!!!! --- lsping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss
The fields in the display are the same as those displayed by the J-Web ping MPLS diagnostic tool.
Pinging RSVP-Signaled LSPs and LDP-Signaled LSPs
Enter the ping mpls command with the following syntax:
user@host> ping mpls (ldp fec | lsp-end-point prefix-name | rsvp lsp-name) <exp forwarding-class> <count number> <source source-address> <detail>
Table 6 describes
the ping mpls command options.
Option |
Description |
|---|---|
|
Pings an LDP-signaled LSP identified by the forwarding equivalence class (FEC) prefix and length. |
|
Pings an LSP endpoint using either an LDP FEC or a RSVP LSP endpoint address. |
|
Pings an RSVP-signaled LSP identified by the specified LSP name. |
|
(Optional) Specifies the value of the forwarding class to be used in the MPLS ping packets. |
|
(Optional) Limits the number of ping requests
to send. Specify a count from |
|
(Optional) Uses the source address that you specify, in the ping request packet. |
|
(Optional) Displays detailed output about the echo requests sent and received. Detailed output includes the MPLS labels used for each request and the return codes for each request. |
To quit the ping mpls command, press Ctrl-C.
The following is sample output from a ping mpls command:
user@host> ping mpls rsvp count 5
!!xxx --- lsping statistics --- 5 packets transmitted, 2 packets received, 60% packet loss 3 packets received with error status, not counted as received.
The fields in the display are the same as those displayed by the J-Web ping MPLS diagnostic tool.