某局点MSR3600 MPLS L2VPN建立失败问题处理案例

设备型号和版本：

RT1-MSR3600-V7 0605P13  RT2-MSR2020-V5 2207P38

现场需求：两台设备通过建立MPLS L2VPN BGP PW隧道实现二层互访，目前的问题，隧道建立失败，无法通信。

<RT-1>dis l2vpn xconnect-group   //显示L2VPN PW信息

Total number of cross-connections: 1, 0 up, 1 down, 0 admin down

Xconnect-group Name Connection ID MTU State

vpn1                                             0       1500 Down

<RT-2>dis mpls l2vpn connection  //显示Kompella方式的L2VPN连接信息

1 total connections, connections: 0 up, 1 down, 0 local, 0 remote, 1 unknown

VPN name: vpn1, 1 total connections,

connections: 0 up, 1 down, 0 local, 0 remote, 1 unknown

CE name: cel, id: 1,

Rid type status peer-id route-distinguisher intf

2 --- down --- --- Eth0/1 

1、首先查看LDP Remote Peer状态是否建立成功

<RT-1>dis mpls ldp peer

Total number of peers: 1

Peer LDP ID Stat​e Role GR MD5 KA Sent/Rcvd

1.1.1.1:0 Operational Active Off Off 24/24

[RT-2]dis mpls ldp session

LDP Session(s) in Public Network

Total number of sessions: 1 ------------------------------------------------------------------------------

Peer-ID Status LAM SsnRole FT MD5 KA-Sent/Rcv ------------------------------------------------------------------------------

2.2.2.2:0 Operational DU Passive Off Off 19/19 ------------------------------------------------------------------------------

LAM : Label Advertisement Mode FT : Fault Tolerance

2、查看BGP L2VPN Peer是否建立成功

<RT-1>dis bgp peer l2vpn

BGP local router ID: 2.2.2.2

Local AS number: 100 Total number of peers: 1

Peers in established state: 0

* - Dynamically created peer Peer

AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State

1.1.1.1 100 4 6 0 0 00:03:03 No Neg 

状态为NO Neg，表示地址组能力指定错误，邻居两端的地址组能力不匹配，一般会出现在V5，V7设备对接以及与第三方厂商对接时候出现

核对两台设备的关键配置

RT-1：

bgp 100

router-id 2.2.2.2

peer 1.1.1.1 as-number 100

peer 1.1.1.1 connect-interface LoopBack0

#

address-family l2vpn

peer 1.1.1.1 enable

#

connect-group vpn1

auto-discovery bgp

route-distinguisher 3:3

vpn-target 3:3 export-extcommunity

vpn-target 3:3 import-extcommunity

site 2 range 10 default-offset 0

connection remote-site-id 1

ac interface GigabitEthernet5/2

RT-2：

bgp 100 router-id 1.1.1.1

undo synchronization

#

peer 2.2.2.2 as-number 100

peer 2.2.2.2 connect-interface LoopBack0

#

l2vpn-family

peer 2.2.2.2 enable

#

mpls l2vpn vpn1 encapsulation ethernet

route-distinguisher 3:3

vpn-target 3:3 import-extcommunity

vpn-target 3:3 export-extcommunity

ce cel id 1 range 10 default-offset 0

connection ce-offset 2 interface Ethernet0/1

可以看到RT-2使用的是Kompella方式MPLS L2VPN，而在建立BGP PW的时候，PE设备需要通过MP-BGP协议来交换标签块信息。

在RT-1这侧的BGP L2VPN地址族试图下制定peer 1.1.1.1 enable之后，默认情况下，本地路由器即具有与peer对等体采用RFC 4716中定义的MP_REACH_NLRI格式交换标签信息的能力。所以两端的配置不兼容，需要在RT-1侧添加如下命令：

address-family l2vpn

peer 1.1.1.1 enable

peer 1.1.1.1 signaling non-standard 

undo peer 1.1.1.1 auto-discovery

该参数的作用是使能本地路由器与对等体1.1.1.1交换MPLS L2VPN标签块信息的能力，并指定采用draft-kompella-ppvpn-l2vpn-03草案中定义的MP_REACH_NLRI格式交换标签块信息，同时关闭自动发现邻居。

添加改命令之后BGP Peer l2vpn状态变成Establish

添加改命令之后BGP PW仍然没有建立成功，进一步排查发现

RT-2这边mpls l2vpn采用的是Ethernet的封装，RT-1这边没有配置模式，默认是vlan的方式，需要修改为一致。

pw-class pw100

pw-type ethernet

xconnect-group vpn1

auto-discovery bgp

pw-class pw100  //在L2VPN交叉连接组下面调用pw-class

最后需要注意的是查看PW状态前，需要保持AC口的状态是UP，否则即使配置正确，PW的状态也会是down

基于上述三点进行排查修改之后，BGP PW建立成功，测试业务互访正常。

<RT-1> dis l2vpn pw

Flags: M - main, B - backup, BY - bypass, H - hub link, S - spoke link, N - no split horizon

Total number of PWs: 1 1 up, 0 blocked, 0 down, 0 defect, 0 idle, 0 duplicate

Xconnect-group Name: vpn1

Peer PW ID/Rmt Site In/Out Label Proto Flag Link ID State

1.1.1.1 1 917505/20482 BGP M 1 Up

<RT-2>dis mpls l2vpn connection

1 total connections, connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown

VPN name: vpn1,

1 total connections, connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown

CE name: cel, id: 1,

Rid type status peer-id route-distinguisher intf

2 rmt up 2.2.2.2 3:3 Eth0/1