Fault Symptom
BGP/MPLS IP VPN services and OSPF are configured on the two PEs and the P. A loopback interface is created on each PE and bound to a VPN instance named vpn1. The IP address of the loopback interface on PE1 is 1.1.1.1; the IP address of the loopback interface on PE2 is 1.1.1.2.
When the configuration is complete, the two PEs cannot exchange private network routes, and the ping between them fails.
Fault Analysis
1. Run the display ospf peer command on each PE, and you can view that the neighbor status is Full. Run the display ip routing-table command on each PE, and you can view that each PE has learned the route to Loopback1 on the peer PE.
2. Run the display mpls ldp session command on the P. You can view that the LDP peer relationships between the P and PEs are established.
3. Run the display mpls lsp command on both PEs to check label allocation. You can find that the PEs have LSPs to each other.
4. Run the display this command in the BGP-VPNv4 address family view on each PE. You can find that the peer ipv4-address enable command has been configured. Run the display bgp vpnv4 all peer command on each PE. You can find that the BGP peer relationships are established between the PEs and between the PE and CE.
5. Run the display ip routing-table vpn-instance vpn1 command on each PE to check the VPN routing table. A route, 1.1.1.0/24 direct, with Loopback1 being the outbound interface, is found in the routing table. The mask of the route is a 24-bit value rather than a 32-bit value.
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.0/24 Direct 0 0 D 1.1.1.1 LoopBack1
6. Run the display ip interface brief command on each PE. You can find that a 24-bit mask (not a 32-bit mask) is configured for the IP address of Loopback1.
Interface IP Address/Mask Physical Protocol
LoopBack1 1.1.1.1/24 up up(s)
In this manner, the IP addresses of loopback interfaces on the two PEs belong to the same network segment (1.1.1.0/24). In fact, the PEs have learned private network routes from each other. On each PE, the learned private network route and local Loopback1, however, belong to the same network segment. Then, there are two routes to Loopback1 on the peer PE: One is a direct route; the other is a BGP route. In this case, the PE places the direct route in its routing table, and there are no private network routes in the VPN routing table. As a result, Loopback1 on the peer PE fails to be pinged.
Procedure
1. Run the system-view command to enter the system view.
2. Run the interface loopback1 command to enter the view of Loopback1 bound to the VPN instance.
3. Run the ip address ip-address { mask | mask-length } command to configure an IP address with a 32-bit mask on each PE.
When the configuration is complete, the PEs can successfully ping Loopback1 on each other, and the fault is rectified.
Summary
When configuring BGP/MPLS IP VPN services, ensure that the IP addresses of the interfaces bound to the same VPN instance but residing on different PEs belong to different network segments.
