Pinging VPNs
Pinging VPNs, VPLS, and Layer 2 Circuits
For testing purposes, you
can ping Layer 2 VPNs, Layer 3 VPNs, and Layer 2 circuits
by using the ping mpls command. The ping mpls command helps to verify that a VPN or circuit has been enabled and
tests the integrity of the VPN or Layer 2 circuit connection
between the PE routers. It does not test the connection between a
PE router and a CE router. To ping a VPLS routing instance, you issue
a ping vpls instance command (see Pinging
a VPLS Routing Instance).
You issue the ping mpls command from the ingress
PE router of the VPN or Layer 2 circuit to the egress PE router
of the same VPN or Layer 2 circuit. When you execute the ping mpls command, echo requests are sent as MPLS packets.
The payload is a User Datagram Protocol (UDP) packet forwarded
to the address 127.0.0.1. The contents of this packet are
defined in RFC 4379, Detecting Multi-Protocol Label
Switched (MPLS) Data Plane Failures. The label and interface
information for building and sending this information as an MPLS packet
is the same as for standard VPN traffic, but the time-to-live (TTL)
of the innermost label is set to 1.
When the echo request arrives at the egress PE router, the contents of the packet are checked, and then a reply that contains the correct return is sent by means of UDP. The PE router sending the echo request waits to receive an echo reply after a timeout of 2 seconds (you cannot configure this value).
You must configure MPLS at the [edit protocols mpls] hierarchy level on the egress PE router (the router receiving the
MPLS echo packets) to be able to ping the VPN or Layer 2 circuit.
You must also configure the address 127.0.0.1/32 on the
egress PE router’s lo0 interface. If this is not
configured, the egress PE router does not have this forwarding entry
and therefore simply drops the incoming MPLS pings.
The ping mpls command has the following limitations:
You cannot ping an IPv6 destination prefix.
You cannot ping a VPN or Layer 2 circuit from a router that is attempting a graceful restart.
You cannot ping a VPN or Layer 2 circuit from a logical system.
You can also determine whether an LSP linking two PE routers
in a VPN is up by pinging the end point address of the LSP. The command
you use to ping an MPLS LSP end point is ping mpls lsp-end-point address. This command tells you what type of LSP
(RSVP or LDP) terminates at the address specified and whether that
LSP is up or down.
For a detailed description of this command, see the Junos Routing Protocols and Policies Command Reference.
Setting the Forwarding Class of the Ping Packets
When you execute the ping mpls command, the ping
packets forwarded to the destination include MPLS labels. It is possible
to set the value of the forwarding class for these ping packets by
using the exp option with the ping
mpls command. For example, to set the forwarding class to 5
when pinging a Layer 3 VPN, issue the following command:
ping mpls l3vpn westcoast source 192.0.2.0 prefix 192.0.2.1 exp 5 count 20 detail
This command would makes the router attempt to ping the Layer 3
VPN westcoast using ping packets with an EXP forwarding
class of 5. The default forwarding class used for the ping
mpls command packets is 7.
Pinging a VPLS Routing Instance
The ping vpls instance command uses a different command
structure and operates in a different fashion than the ping mpls command used for VPNs and Layer 2 circuits. The ping vpls
instance command is only supported on MX Series routers, the
M120 router, the M320 router, and the T1600 router.
To ping a VPLS routing instance, use the following command:
ping vpls instance instance-name destination-mac address source-ip address <count number> <data-plane-response> <detail> <learning-vlan-id number> <logical-system logical-system-name>
Pinging a VPLS routing instance requires using the ping
vpls instance command with a combination of the routing instance
name, the destination MAC address, and the source IP address (IP address
of the outgoing interface).
When you run this command, you are provided feedback on the
status of your request. An exclamation point (!) indicates that an
echo reply was received. A period (.) indicates that an echo reply was not received within the timeout
period. An x indicates that an echo
reply was received with an error code these packets are not counted
in the received packets count. They are accounted for separately.
For more details, including argument descriptions and additional options, see ping vpls instance.
Pinging a Layer 3 VPN
To ping a Layer 3 VPN, use the following command:
ping mpls l3vpn l3vpn-name prefix prefix <count count>
You ping a combination of an IPv4 destination prefix and a Layer 3 VPN name on the egress PE router to test the integrity of the VPN connection between the ingress and egress PE routers. The destination prefix corresponds to a prefix in the Layer 3 VPN. However, the ping tests only whether the prefix is present in a PE router’s VRF table. It does not test the connection between a PE router and a CE router.