Solved: Re: LSP broken when ldp running on gre tunnel interface

ethanzhao · ‎10-07-2018

1.GRE tunnel is configured between MIKrotik router OS and PE .

2.EBGP is running between PE and VGW to propagate route of the tunnel source and destination .

3.ldp and ospf is running on gre tunnel

here is some output information on PE

RP/0/RSP0/CPU0:pe1.pek6#show ip ospf ne
Sun Oct  7 13:52:07.689 UTC

* Indicates MADJ interface
# Indicates Neighbor awaiting BFD session up

Neighbors for OSPF 1

Neighbor ID     Pri   State           Dead Time   Address         Interface
116.92.122.70   1     FULL/  -        00:00:36    116.92.122.114  tunnel-ip601
    Neighbor is up for 00:55:53
pe1.pek6#show mpls ldp neighbor brief   
116.92.122.70:0    N   N    00:58:29    1     0     3     0     5      0 
   
RP/0/RSP0/CPU0:pe1.pek6#show mpls  forwarding prefix 116.92.122.70/32
Sun Oct  7 13:57:10.228 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes       
Label  Label       or ID              Interface                    Switched    
------ ----------- ------------------ ------------ --------------- ------------
24019  Pop         116.92.122.70/32   ti601        116.92.122.114  0 

RP/0/RSP0/CPU0:pe1.pek6#show mpls ldp neighbor
Peer LDP Identifier: 116.92.122.70:0
 TCP connection: 116.92.122.70:36404 - 116.92.122.65:646
 Graceful Restart: No
 Session Holdtime: 180 sec
 State: Oper; Msgs sent/rcvd: 1247/78; Downstream-Unsolicited
 Up time: 01:07:47
 LDP Discovery Sources:
 IPv4: (1)
 tunnel-ip601
 IPv6: (0)
 Addresses bound to this peer:
 IPv4: (3)
 116.92.122.70 116.92.122.114 172.21.16.14 
 IPv6: (0)


RP/0/RSP0/CPU0:pe1.pek6#ping mpls ipv4  116.92.122.70 255.255.255.255 
Sun Oct  7 13:59:16.614 UTC

Sending 5, 100-byte MPLS Echos to 116.92.122.70/32,
      timeout is 2 seconds, send interval is 0 msec:

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
  'L' - labeled output interface, 'B' - unlabeled output interface, 
  'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
  'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label, 
  'P' - no rx intf label prot, 'p' - premature termination of LSP, 
  'R' - transit router, 'I' - unknown upstream index,
  'X' - unknown return code, 'x' - return code 0

Type escape sequence to abort.

.....
Success rate is 0 percent (0/5)
RP/0/RSP0/CPU0:pe1.pek6#

everything looks ok . but mpls ping is ok . and i capture packet on PE when i try to ping mpls 116.92.122.70 . i can see output below : the destination of the packet change to 127.0.0.1 . i think that is why mpls ping fail . is there anyone can support me . thanks very much

asiergd · ‎10-12-2018

Hi ethanzhao,
I do the same test, all works OK, with ospf and with static routes.
Perhaps some config in Mikrotik device.

The devices config in static routing scenario:
Mikrotik version (6.43rc51).
Mikrotik config:
/interface bridge
add name=loopback0
/interface ethernet
set [ find default-name=ether1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-full speed=1Gbps
set [ find default-name=ether2 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-full speed=1Gbps
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip address
add address=192.168.199.100/24 interface=ether2 network=192.168.199.0
add address=116.92.122.114/30 interface=ether1 network=116.92.122.112
add address=116.92.122.70 interface=loopback0 network=116.92.122.70
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip route
add distance=1 dst-address=116.92.122.65/32 gateway=116.92.122.113
add distance=1 dst-address=116.92.248.65/32 gateway=116.92.122.113
/mpls ldp
set enabled=yes lsr-id=116.92.122.70 transport-address=116.92.122.70
/mpls ldp interface
add interface=ether1

R1 config:
R1#sh run | s ip route|GigabitEthernet|mpls
mpls label protocol ldp
mpls ldp discovery targeted-hello accept
interface GigabitEthernet2
ip address 116.92.122.113 255.255.255.252
speed 1000
no negotiation auto
mpls ip
interface GigabitEthernet3
ip address 10.1.1.2 255.255.255.252
negotiation auto
mpls ip
ip route 116.92.122.70 255.255.255.255 GigabitEthernet2 116.92.122.114
ip route 116.92.248.65 255.255.255.255 GigabitEthernet3 10.1.1.1
mpls ldp router-id Loopback0

R2 config:
R2#sh run | s ip route|GigabitEthernet|mpls
mpls ldp discovery targeted-hello accept
interface GigabitEthernet2
ip address 10.1.1.1 255.255.255.252
negotiation auto
mpls ip
ip route 116.92.122.65 255.255.255.255 GigabitEthernet2 10.1.1.2
ip route 116.92.122.70 255.255.255.255 GigabitEthernet2 10.1.1.2
mpls ldp router-id Loopback0

I hope you find the issue,

Regards

View solution in original post

Francesco Molino · ‎10-08-2018

Hi

Can you share the complete wireshark capture? That's normal the destination is 127.0.0.1 when using ping mpls or traceroute mpls.
Also can you share your configs please?

Thanks

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

ethanzhao · ‎10-10-2018

Thanks for your reply . To simply the troubleshooting , I change the topology. Here is the new topology . it looks the issue is between R1 and mikrotik router os . there is no GRE anymore

Ldp ,ospf is running on all the interface of those 3 device . here is output on R1

R1#show ip ospf neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
116.92.122.70     1   FULL/DR         00:00:34    116.92.122.114  GigabitEthernet1/0
116.92.248.65     1   FULL/DR         00:00:37    10.1.1.1        FastEthernet0/0
R1#
R1#show mpls ldp neighbor 
    Peer LDP Ident: 116.92.122.70:0; Local LDP Ident 116.92.122.65:0
        TCP connection: 116.92.122.70.40382 - 116.92.122.65.646
        State: Oper; Msgs sent/rcvd: 33/41; Downstream
        Up time: 00:21:51
        LDP discovery sources:
          GigabitEthernet1/0, Src IP addr: 116.92.122.114
        Addresses bound to peer LDP Ident:
          116.92.122.70   116.92.122.114  192.168.199.100 
    Peer LDP Ident: 116.92.248.65:0; Local LDP Ident 116.92.122.65:0
        TCP connection: 116.92.248.65.47697 - 116.92.122.65.646
        State: Oper; Msgs sent/rcvd: 10/10; Downstream
        Up time: 00:02:19
        LDP discovery sources:
          FastEthernet0/0, Src IP addr: 10.1.1.1
        Addresses bound to peer LDP Ident:
          10.1.1.1        116.92.248.65   
R1#


R1#show mpls forwarding-table 
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop    
Label      Label      or Tunnel Id     Switched      interface              
18         Pop Label  116.92.248.65/32 0             Fa0/0      10.1.1.1    
19         Pop Label  116.92.122.70/32 0             Gi1/0      116.92.122.114

R1#show mpls ldp bindings 
  lib entry: 10.1.1.0/30, rev 7
        local binding:  label: imp-null
        remote binding: lsr: 116.92.122.70:0, label: 17
        remote binding: lsr: 116.92.248.65:0, label: imp-null
  lib entry: 116.92.122.65/32, rev 6
        local binding:  label: imp-null
        remote binding: lsr: 116.92.122.70:0, label: 18
        remote binding: lsr: 116.92.248.65:0, label: 16
  lib entry: 116.92.122.70/32, rev 12
        local binding:  label: 19
        remote binding: lsr: 116.92.122.70:0, label: imp-null
        remote binding: lsr: 116.92.248.65:0, label: 17
  lib entry: 116.92.122.112/30, rev 8
        local binding:  label: imp-null
        remote binding: lsr: 116.92.122.70:0, label: imp-null
        remote binding: lsr: 116.92.248.65:0, label: 18
  lib entry: 116.92.248.65/32, rev 10
        local binding:  label: 18
        remote binding: lsr: 116.92.122.70:0, label: 16
        remote binding: lsr: 116.92.248.65:0, label: imp-null
  lib entry: 192.168.199.0/24, rev 13
        remote binding: lsr: 116.92.122.70:0, label: imp-null
R1#
R1#
When I try to ping lookback ip of mikrotik
R1#ping mpls ipv4 116.92.122.70/32  repeat 20
Sending 20, 100-byte MPLS Echos to 116.92.122.70/32, 
     timeout is 2 seconds, send interval is 0 msec:

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
  'L' - labeled output interface, 'B' - unlabeled output interface, 
  'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
  'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry, 
  'P' - no rx intf label prot, 'p' - premature termination of LSP, 
  'R' - transit router, 'I' - unknown upstream index,
  'X' - unknown return code, 'x' - return code 0

Type escape sequence to abort.
....................
Success rate is 0 percent (0/20)
R1#

when i try to ping R2

When I try to ping R2
R1#ping mpls ipv4 116.92.248.65/32           
Sending 5, 100-byte MPLS Echos to 116.92.248.65/32, 
     timeout is 2 seconds, send interval is 0 msec:

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
  'L' - labeled output interface, 'B' - unlabeled output interface, 
  'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
  'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry, 
  'P' - no rx intf label prot, 'p' - premature termination of LSP, 
  'R' - transit router, 'I' - unknown upstream index,
  'X' - unknown return code, 'x' - return code 0

Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/38/44 ms

the attachment is the configuration and packet capture file . thanks

Francesco Molino · ‎10-10-2018

Thanks. I'll back you this weekend as these days are quite busy.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

asiergd · ‎10-09-2018

Hi ethanzhao,
I do not work with mikrotik devices, but as you has enabled OAM in IOS-XR device perhaps you can do the same at Mikrotik device, or perhaps Mikrotik does not support ping/traceroute mpls (RFC8029 or earlier). I would make sure of that first.

Regards

ethanzhao · ‎10-10-2018

Hi aiergd .
thanks for your reply. i will confirm that . but per my understanding . the mpls label will be pop at PE . it is a IP packet . so maybe it doesn't matter
mikrotik can supportping/traceroute mpls or not thanks again

asiergd · ‎10-10-2018

Hi ethanzhao,

only to clarify, ping mpls ipv4 is not a regular ping. Each ping mpls packet encodes the FEC to validate it. Devices must support the feature.

https://tools.ietf.org/html/rfc4379

https://tools.ietf.org/html/rfc8029

If Mikrotik does not support ping mpls, the ping mpls will fail. This can be a possible cause.

Regards.

ethanzhao · ‎10-10-2018

Thanks for your information . the target is to make mpls L3VPN work . i will try the l3vpn connectivity, although ping mpls is not working . thanks again

asiergd · ‎10-10-2018

Thanks ethanzhao, to recapitulate:

L3VPN is not working.

Failed ping mpls ipv4 does not ensure that there is a problem in LSP because Mikrotik perhaps does not support it or the feature is not activated.

Can you share config of both devices?

Regards

ethanzhao · ‎10-11-2018

Hi Asierge

thanks for you information . i test with a simplier topology . ospf is running between those device . no gre tunnel is configured.

as you mention before , even ping mpls ipv4 is not working , l3vpn connectivity is working fine . the test result prove that you are right

i do another test . when i disable the ospf between MIkrotik and R1 , static route is used between those 2 device . l3vpn is not working ,

since the route propagate is normal .ldp neighbor is normal . i really cannot understand why but l3vpn is not working

could you please help to explain ? thanks

asiergd · ‎10-12-2018

Hi ethanzhao,
I do the same test, all works OK, with ospf and with static routes.
Perhaps some config in Mikrotik device.

The devices config in static routing scenario:
Mikrotik version (6.43rc51).
Mikrotik config:
/interface bridge
add name=loopback0
/interface ethernet
set [ find default-name=ether1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-full speed=1Gbps
set [ find default-name=ether2 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-full speed=1Gbps
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip address
add address=192.168.199.100/24 interface=ether2 network=192.168.199.0
add address=116.92.122.114/30 interface=ether1 network=116.92.122.112
add address=116.92.122.70 interface=loopback0 network=116.92.122.70
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip route
add distance=1 dst-address=116.92.122.65/32 gateway=116.92.122.113
add distance=1 dst-address=116.92.248.65/32 gateway=116.92.122.113
/mpls ldp
set enabled=yes lsr-id=116.92.122.70 transport-address=116.92.122.70
/mpls ldp interface
add interface=ether1

R1 config:
R1#sh run | s ip route|GigabitEthernet|mpls
mpls label protocol ldp
mpls ldp discovery targeted-hello accept
interface GigabitEthernet2
ip address 116.92.122.113 255.255.255.252
speed 1000
no negotiation auto
mpls ip
interface GigabitEthernet3
ip address 10.1.1.2 255.255.255.252
negotiation auto
mpls ip
ip route 116.92.122.70 255.255.255.255 GigabitEthernet2 116.92.122.114
ip route 116.92.248.65 255.255.255.255 GigabitEthernet3 10.1.1.1
mpls ldp router-id Loopback0

R2 config:
R2#sh run | s ip route|GigabitEthernet|mpls
mpls ldp discovery targeted-hello accept
interface GigabitEthernet2
ip address 10.1.1.1 255.255.255.252
negotiation auto
mpls ip
ip route 116.92.122.65 255.255.255.255 GigabitEthernet2 10.1.1.2
ip route 116.92.122.70 255.255.255.255 GigabitEthernet2 10.1.1.2
mpls ldp router-id Loopback0

I hope you find the issue,

Regards

ethanzhao · ‎10-14-2018

thanks for your help . i find the problem . i use aggregate static route on Mikrotik , 116.92.0.0/16 it is not working

when i change to specific as you do ,it is working fine . do you have any idea why?

ethanzhao · ‎10-10-2018

Hi .
thanks for your reply. i will confirm that . but per my understanding . the MPLS label will be pop at PE . it is a IP packet . so maybe it doesn't matter
Mikrotik can support ping/ traceroute mpls or not thanks again

ethanzhao · ‎10-10-2018

thanks for your support .

asiergd · ‎11-08-2018

Glad to help