Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Pinging VPNs

Pinging VPNs, VPLS, and Layer 2 Circuits

For testing purposes, you can ping Layer 2 VPNs, Layer 3 VPNs, and Layer 2 circuits by using the ping mpls command. The ping mpls command helps to verify that a VPN or circuit has been enabled and tests the integrity of the VPN or Layer 2 circuit connection between the PE routers. It does not test the connection between a PE router and a CE router. To ping a VPLS routing instance, you issue a ping vpls instance command (see Pinging a VPLS Routing Instance).

You issue the ping mpls command from the ingress PE router of the VPN or Layer 2 circuit to the egress PE router of the same VPN or Layer 2 circuit. When you execute the ping mpls command, echo requests are sent as MPLS packets.

The payload is a User Datagram Protocol (UDP) packet forwarded to the address 127.0.0.1. The contents of this packet are defined in RFC 4379, Detecting Multi-Protocol Label Switched (MPLS) Data Plane Failures. The label and interface information for building and sending this information as an MPLS packet is the same as for standard VPN traffic, but the time-to-live (TTL) of the innermost label is set to 1.

When the echo request arrives at the egress PE router, the contents of the packet are checked, and then a reply that contains the correct return is sent by means of UDP. The PE router sending the echo request waits to receive an echo reply after a timeout of 2 seconds (you cannot configure this value).

You must configure MPLS at the [edit protocols mpls] hierarchy level on the egress PE router (the router receiving the MPLS echo packets) to be able to ping the VPN or Layer 2 circuit. You must also configure the address 127.0.0.1/32 on the egress PE router’s lo0 interface. If this is not configured, the egress PE router does not have this forwarding entry and therefore simply drops the incoming MPLS pings.

The ping mpls command has the following limitations:

  • You cannot ping an IPv6 destination prefix.

  • You cannot ping a VPN or Layer 2 circuit from a router that is attempting a graceful restart.

  • You cannot ping a VPN or Layer 2 circuit from a logical system.

You can also determine whether an LSP linking two PE routers in a VPN is up by pinging the end point address of the LSP. The command you use to ping an MPLS LSP end point is ping mpls lsp-end-point address. This command tells you what type of LSP (RSVP or LDP) terminates at the address specified and whether that LSP is up or down.

For a detailed description of this command, see the Junos Routing Protocols and Policies Command Reference.

Setting the Forwarding Class of the Ping Packets

When you execute the ping mpls command, the ping packets forwarded to the destination include MPLS labels. It is possible to set the value of the forwarding class for these ping packets by using the exp option with the ping mpls command. For example, to set the forwarding class to 5 when pinging a Layer 3 VPN, issue the following command:

This command would makes the router attempt to ping the Layer 3 VPN westcoast using ping packets with an EXP forwarding class of 5. The default forwarding class used for the ping mpls command packets is 7.

Pinging a VPLS Routing Instance

The ping vpls instance command uses a different command structure and operates in a different fashion than the ping mpls command used for VPNs and Layer 2 circuits. The ping vpls instance command is only supported on MX Series routers, the M120 router, the M320 router, and the T1600 router.

To ping a VPLS routing instance, use the following command:

Pinging a VPLS routing instance requires using the ping vpls instance command with a combination of the routing instance name, the destination MAC address, and the source IP address (IP address of the outgoing interface).

When you run this command, you are provided feedback on the status of your request. An exclamation point (!) indicates that an echo reply was received. A period (.) indicates that an echo reply was not received within the timeout period. An x indicates that an echo reply was received with an error code these packets are not counted in the received packets count. They are accounted for separately.

Use Feature Explorer to confirm platform and release support for ping vpls instance. For more details, including argument descriptions and additional options, see ping vpls instance.

Pinging a Layer 3 VPN

To ping a Layer 3 VPN, use the following command:

You ping a combination of an IPv4 destination prefix and a Layer 3 VPN name on the egress PE router to test the integrity of the VPN connection between the ingress and egress PE routers. The destination prefix corresponds to a prefix in the Layer 3 VPN. However, the ping tests only whether the prefix is present in a PE router’s VRF table. It does not test the connection between a PE router and a CE router.