Panasonic NN46240-710 User Manual

Nortel Secure Router 8000 Series

Troubleshooting - VPN___________

3 BGP/MPLS IP VPN troubleshooting

If reachable routes exist between them, and the ping fails, contact Nortel technical support
engineers for technical assistance.

•

If the ping fails, use the display ip routing-table command on the local CE to view

whether routes to the remote CE exist in the local routing table. Use the display ip

routing-table command on the remote CE to view whether routes to the local CE exist. If

the two CEs have no routes to each other, or only the local CE has routes to the remote CE
but the remote CE has no routes to the local CE, it indicates a route problem between CEs.

Go to Step 2.

CD

NOTE

After you check that CE and its directly connected PE can ping each other successfully, use the

ping-vpn-instance

vpn-instance-name

-a

source-ip-address dest-ip-address

command on this PE to

check for reachable routes to the remote CE.

vpn-instance-name

is the name of the VPN to which CE

belongs.

source-ip-address

is the IP address of the interface through which PE connects CE directly.

dest-ip-address

is the IP address of a specific interface on the remote CE.

Step 2 Check routes of various network segments between CEs.

Three network segments exist between CEs.

•

From local CE to local PE

•

From local PE to remote PE

•

From remote PE to remote CE

For a route problem between the local CE and the local PE, and that between the remote PE and

the remote CE, you can remove the fault according to the following step.

1.

Check whether CE distributes the routing information to the directly connected PE.

On PE, use the display ip routing-table vpn-instance vpn-instance-name command to

view whether the VPN routing table holds the routing entries advertised from the directly

connected CE.

CD

NOTE

In this command, you must specify the parameter vpn-instance

vpn-instance-name

to display the routes

within a specified VPN. If you do not specify the parameter, the command displays public network routes

of PE.

If the VPN routing table on PE has no routes to CE, use the display bgp vpnv4 all peer
command to check whether EBGP peers establish between PE and CE.

-

If EBGP peers establish, check whether direct routes and inter-autonomous system (AS)

routes import to the BGP routing table of CE. Check whether direct routes are imported

in the VPN instance view of BGP IPv4 address family on PE.

- If no BGP peers are set up between PE and CE, check for a consistent AS number in

BGP configuration on PE and CE. For details about troubleshooting, see Nortel Secure

Router 8000 Series Troubleshooting - IP Routing (NN46240-706).

For a route problem between the local PE and the remote PE, perform the following step to
isolate the fault.

2.

Check whether private network routes on the local PE are distributed to the remote PE.

On the remote PE, use the display ip routing-table vpn-instance vpn-instance-name
command to check for routes to the local CE.

- If routes to the local CE exist, use the display ip routing-table vpn-instance

vpn-instance-name command on the local PE. If routes to the remote CE exist, it

indicates that there is no route problem between PEs.

-

If no routes to the local CE exist in the VPN routing table, use the display bgp vpnv4

all peer command to check whether BGP VPNv4 peers establish between PEs.

Issue 5.3 (30 March 2009)

Nortel Networks Inc.

3-11