MPLS troubleshooting with LSP ping

From CT3

Jump to: navigation, search

By Ivan Pepelnjak

MPLS ping is a UDP-based protocol defined in RFC 4379 (Detecting Multi-Protocol Label Switched (MPLS) Data Plane Failures) and implemented in IOS releases 12.2SRC, 12.2SE and 12.4(20)T as the LSP Ping/Trace for LDP & RSVP IPv4 FECs feature.

Contents

Theory of Operation

The MPLS ping (ping mpls ipv4 fec) command encapsulates the UDP packet constructed according to RFC 4379 in the MPLS header associated with the specified FEC (the LDP label associated with the specified IP prefix). TTL of the labels in the label stack is set to 255 and the TTL of the encapsulated UDP packet to 1. The TTL values in the MPLS labels ensure that the UDP packet arrives to the destination (assuming the end-to-end LSP is not broken). If there is no continuous LSP between the originating router and the target FEC, an intermediate router receives an exposed IP packet, decrements the TTL in the IP packet (to zero) and sends an error reply.

The MPLS traceroute command (traceroute mpls ipv4 fec) sets the TTL of the encapsulated IP packet to 1 and sequentially increments the TTL values in the MPLS header, causing the MPLS TTL to expire on successive intermediate routers, resulting in hop-by-hop printout very similar to the one produced by regular traceroute command.

Contrary to regular ping and traceroute commands, the router originating MPLS ping packets sends the UDP packets already encapsulated in an MPLS label stack, ensuring that any discontinuity in the LSP path is immediately exposed and reported to the sender.

Sample results with simple LDP-based MPLS

The traceroute mpls ipv4 command was tested in a network with four core routers and three PE-routers (Figure 1)

Figure 1: Sample MPLS network

Initially, the optimum OSPF-computed path from PE-A to PE-C passed C1, C3, C4 and PE-D. When the MPLS switching and LDP was configured on all transit interfaces, traceroute mpls ipv4 command reported the hops displayed in the following printout. As you can see, the target PE-router was successfully reached as indicated by the ! code.

PE-A#trace mpls ipv4 10.0.1.5/32
Tracing MPLS Label Switched Path to 10.0.1.5/32, timeout is 2 seconds

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
  'L' - labeled output interface, 'B' - unlabeled output interface,
  'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
  'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
  'P' - no rx intf label prot, 'p' - premature termination of LSP,
  'R' - transit router, 'I' - unknown upstream index,
  'X' - unknown return code, 'x' - return code 0

Type escape sequence to abort.
  0 10.0.7.5 MRU 1500 [Labels: 23 Exp: 0]
I 1 10.0.7.6 MRU 1500 [Labels: 24 Exp: 0] 28 ms
I 2 10.0.7.26 MRU 1500 [Labels: 20 Exp: 0] 8 ms
I 3 10.0.7.30 MRU 1500 [Labels: 17 Exp: 0] 16 ms
I 4 10.0.7.9 MRU 1504 [Labels: implicit-null Exp: 0] 52 ms
! 5 10.2.1.1 52 ms

When LDP was disabled on the C3-C4 interface, the traceroute reported unlabeled output interface (return code B):

PE-A#trace mpls ipv4 10.0.1.5/32
Tracing MPLS Label Switched Path to 10.0.1.5/32, timeout is 2 seconds

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
  'L' - labeled output interface, 'B' - unlabeled output interface, 
  'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
  'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry, 
  'P' - no rx intf label prot, 'p' - premature termination of LSP, 
  'R' - transit router, 'I' - unknown upstream index,
  'X' - unknown return code, 'x' - return code 0

Type escape sequence to abort.
  0 10.0.7.5 MRU 1500 [Labels: 27 Exp: 0]
I 1 10.0.7.6 MRU 1500 [Labels: 24 Exp: 0] 20 ms
B 2 10.0.7.26 MRU 1504 [No Label] 16 ms
B 3 10.0.7.26 MRU 1504 [No Label] 12 ms
B 4 10.0.7.26 MRU 1504 [No Label] 40 ms
B 5 10.0.7.26 MRU 1504 [No Label] 72 ms
... rest deleted ...
As soon as MPLS traceroute encounters an interface that causes the encapsulated IP packet to become exposed, all subsequent probes report the same problem/IP address (unless a network with alternate paths performs per-packet load sharing, in which case a subsequent probe might travel along a different path).

Sample results with MPLS traffic engineering

The PE-D router was removed from the network and an MPLS TE tunnel established between C1 and C2 to perform MPLS TE-based tests (Figure 2).

Figure 2: Sample MPLS traffic engineering network

The MPLS traceroute from PE-A to PE-C now passes C1, C3, C4 and C2 and the responses carry additional labels imposed by MPLS TE tunnel:

PE-A#trace mpls ipv4 10.0.1.5/32
Tracing MPLS Label Switched Path to 10.0.1.5/32, timeout is 2 seconds

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
  'L' - labeled output interface, 'B' - unlabeled output interface,
  'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
  'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
  'P' - no rx intf label prot, 'p' - premature termination of LSP,
  'R' - transit router, 'I' - unknown upstream index,
  'X' - unknown return code, 'x' - return code 0

Type escape sequence to abort.
  0 10.0.7.5 MRU 1500 [Labels: 23 Exp: 0]
I 1 10.0.7.6 MRU 1496 [Labels: 31/19 Exp: 0/0] 16 ms
I 2 10.0.7.26 MRU 1500 [Labels: 31/19 Exp: 0/0] 16 ms
I 3 10.0.7.30 MRU 1504 [Labels: 19 Exp: 0] 20 ms
I 4 10.0.7.33 MRU 1504 [Labels: implicit-null Exp: 0] 48 ms
! 5 10.0.7.17 24 ms

When LDP is disabled on the tunnel interface on C1, the MPLS traceroute reports an error, as the tunnel tail end (C2) receives bare UDP packet (the LDP label was never imposed by the tunnel head end and the penultimate hop of the MPLS TE tunnel removes the tunnel label). If the core network runs IOS release 12.4(20)T, the error is reported by C2:

PE-A#trace mpls ipv4 10.0.1.5/32
Tracing MPLS Label Switched Path to 10.0.1.5/32, timeout is 2 seconds

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
  'L' - labeled output interface, 'B' - unlabeled output interface, 
  'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
  'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry, 
  'P' - no rx intf label prot, 'p' - premature termination of LSP, 
  'R' - transit router, 'I' - unknown upstream index,
  'X' - unknown return code, 'x' - return code 0

Type escape sequence to abort.
  0 10.0.7.5 MRU 1500 [Labels: 24 Exp: 0]
I 1 10.0.7.6 MRU 1500 [Labels: 32 Exp: 0] 4 ms
I 2 10.0.7.26 MRU 1500 [Labels: 32 Exp: 0] 12 ms
I 3 10.0.7.30 MRU 1504 [Labels: implicit-null Exp: 0] 12 ms
f 4 10.0.7.33 20 ms
f 5 10.0.7.33 24 ms
f 6 10.0.7.33 12 ms
f 7 10.0.7.33 16 ms

However, when the IOS release 12.2(33)SRC1 code is deployed in the core, the tunnel head end router (C1) reports an error:

PE-A#trace mpls ipv4 10.0.1.5/32
Tracing MPLS Label Switched Path to 10.0.1.5/32, timeout is 2 seconds

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
  'L' - labeled output interface, 'B' - unlabeled output interface, 
  'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
  'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry, 
  'P' - no rx intf label prot, 'p' - premature termination of LSP, 
  'R' - transit router, 'I' - unknown upstream index,
  'X' - unknown return code, 'x' - return code 0

Type escape sequence to abort.
  0 10.0.7.5 MRU 1500 [Labels: 27 Exp: 0]
I 1 10.0.7.6 MRU 1500 [Labels: 29 Exp: 0] 44 ms
D 2 10.0.7.6 MRU 1500 [Labels: 29 Exp: 0] 8 ms
D 3 10.0.7.6 MRU 1500 [Labels: 29 Exp: 0] 8 ms

The error reported by the tunnel head end (C1) is not due to an MPLS TE configuration error, as a regular traceroute command successfully reaches PE-C (although with only a single label reported in the label stack when the packet is traversing the MPLS TE tunnel):

PE-A#trace 10.0.1.5

Type escape sequence to abort.
Tracing the route to PE-C (10.0.1.5)

  1 10.0.7.6 [MPLS: Label 23 Exp 0] 44 msec 44 msec 40 msec
  2 10.0.7.26 [MPLS: Label 31 Exp 0] 44 msec 40 msec 8 msec
  3 10.0.7.30 [MPLS: Label 31 Exp 0] 4 msec 12 msec 8 msec
  4 10.0.7.33 72 msec 8 msec 4 msec
  5 10.0.7.17 8 msec *  4 msec

Additional Resources  

Implementing Cisco MPLS (MPLS) course:

Configuring BGP on Cisco Routers (BGP) course:

Other links

Did you know?

  • NIL developed the first commercially available MPLS/VPN traning.
  • This training was for several years the only course available to Cisco's internal audiences and its Service Provider customers in Europe.
  • The MPLS/VPN course developed by NIL later became part of Cisco's Service Provider training curriculum and the basis for the Implementing Cisco MPLS (MPLS) course that is part of the CCIP curriculum.
  • NIL's experts have worked as part of Cisco's Professional Services team supporting early adopters of MPLS VPN technology in Europe.
  • NIL has provided several large Service Providers with MPLS/VPN design and deployment support.
Personal tools

CT3

Main menu