Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Using MPLS to Diagnose LSPs, VPNs, and Layer 2 Circuits

MPLS Connection Checking Overview

Use either the J-Web ping MPLS diagnostic tool or the CLI commands ping mpls, ping mpls l2circuit, ping mpls l2vpn, and ping mpls l3vpn to diagnose the state of label-switched paths (LSPs), Layer 2 and Layer 3 virtual private networks (VPNs), and Layer 2 circuits.

Based on how the LSP or VPN outbound (egress) node at the remote endpoint of the connection replies to the probes, you can determine the connectivity of the LSP or VPN.

Each probe is an echo request sent to the LSP or VPN exit point as an MPLS packet with a UDP payload. If the outbound node receives the echo request, it checks the contents of the probe and returns a value in the UDP payload of the response packet. If the device receives the response packet, it reports a successful ping response.

Responses that take longer than 2 seconds are identified as failed probes.

Table 1 summarizes the options for using either the J-Web ping MPLS diagnostic tool or the CLI ping mpls command to display information about MPLS connections in VPNs and LSPs.

Table 1: Options for Checking MPLS Connections

J-Web Ping MPLS Tool

ping mpls Command

Purpose

Additional Information

Ping RSVP-signaled LSP

ping mpls rsvp

Checks the operability of an LSP that has been set up by the Resource Reservation Protocol (RSVP). The device pings a particular LSP using the configured LSP name.

When an RSVP-signaled LSP has several paths, the device sends the ping requests on the path that is currently active.

Ping LDP-signaled LSP

ping mpls ldp

Checks the operability of an LSP that has been set up by the Label Distribution Protocol (LDP). The device pings a particular LSP using the forwarding equivalence class (FEC) prefix and length.

When an LDP-signaled LSP has several gateways, the device sends the ping requests through the first gateway.

Ping requests sent to LDP-signaled LSPs use only the master routing instance.

Ping LSP to Layer 3 VPN prefix

ping mpls l3vpn

Checks the operability of the connections related to a Layer 3 VPN. The device tests whether a prefix is present in a provider edge (PE) device’s VPN routing and forwarding (VRF) table, by means of a Layer 3 VPN destination prefix.

The device does not test the connection between a PE device and a customer edge (CE) router.

Locate LSP using interface name

ping mpls l2vpn interface

Checks the operability of the connections related to a Layer 2 VPN. The device directs outgoing request probes out the specified interface.

Instance to which this connection belongs

ping mpls l2vpn instance

Checks the operability of the connections related to a Layer 2 VPN. The device pings on a combination of the Layer 2 VPN routing instance name, the local site identifier, and the remote site identifier, to test the integrity of the Layer 2 VPN circuit (specified by the identifiers) between the inbound and outbound PE routers.

Locate LSP from interface name

ping mpls l2circuit interface

Checks the operability of the Layer 2 circuit connections. The device directs outgoing request probes out the specified interface.

Locate LSP from virtual circuit information

ping mpls l2circuit virtual-circuit

Checks the operability of the Layer 2 circuit connections. The device pings on a combination of the IPv4 prefix and the virtual circuit identifier on the outbound PE router, testing the integrity of the Layer 2 circuit between the inbound and outbound PE routers.

Ping end point of LSP

ping mpls lsp-end-point

Checks the operability of an LSP endpoint. The device pings an LSP endpoint using either an LDP FEC prefix or an RSVP LSP endpoint address.

Before using the ping MPLS feature, make sure that the receiving interface on the VPN or LSP remote endpoint has MPLS enabled, and that the loopback interface on the outbound node is configured as 127.0.0.1. The source address for MPLS probes must be a valid address on the J Series device.

This section includes the following topics:

MPLS Enabled

To process ping MPLS requests, the remote endpoint of the VPN or LSP must be configured appropriately. You must enable MPLS on the receiving interface of the outbound node for the VPN or LSP. If MPLS is not enabled, the remote endpoint drops the incoming request packets and returns an “ICMP host unreachable” message to the J Series device.

Loopback Address

The loopback address (lo0) on the outbound node must be configured as 127.0.0.1. If this interface address is not configured correctly, the outbound node does not have this forwarding entry. It drops the incoming request packets and returns a “host unreachable” message to the J Series device.

Source Address for Probes

The source IP address you specify for a set of probes must be an address configured on one of the J Series device interfaces. If it is not a valid J Series device address, the ping request fails with the error message “Can't assign requested address.”

Using the ping Command

You can perform certain tasks only through the CLI. Use the CLI ping command to verify that a host can be reached over the network. This command is useful for diagnosing host and network connectivity problems. The device sends a series of ICMP echo (ping) requests to a specified host and receives ICMP echo responses.

See Also