Cisco Active Network Abstraction 3.6.6 MPLS User Guide July 10, 2009 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
CONTENTS Preface vii Organization vii Related Documentation Conventions viii viii Obtaining Documentation and Submitting a Service Request CHAPTER 1 Viewing MPLS VPNs ix 1-1 Supported MPLS and VPN Technologies and Routing Protocols MPLS VPN Maps Overview 1-1 1-2 VPN Business Configurations 1-2 Layer 3 VPN Business Configuration 1-3 Layer 2 VPN Business Configuration and Tunnels 1-3 VPN Topology Connections 1-3 Layer 3 VPN Map 1-5 Layer 2 VPN Map 1-5 Tree Pane 1-7 Map Pane 1-8 Ticket Pane 1
Contents Creating an LCA Moving an LCA Deleting an LCA Moving an LCP 3-5 3-5 3-5 3-6 Jumping to an Adjacent LCP 3-6 Renaming a Business Element Deleting a Business Element CHAPTER 4 3-6 3-7 Viewing MPLS VPN Properties Viewing VPN Properties 4-1 Viewing Site Properties 4-1 4-1 Viewing Virtual Router Properties 4-2 Displaying VRF Egress and Ingress Adjacents Viewing VRF Properties in the Inventory Window 4-5 4-5 Working with the VPN Service Overlay 4-7 Choosing an Overlay 4-7 Displaying or Hid
Contents Viewing Access List Information CHAPTER 6 IPv6 VPN over MPLS 6VPE Overview 5-14 6-1 6-2 Viewing IPv4 and IPv6 Addresses 6-3 Cisco ANA 6VPE Support Limitations 6-5 IPv6 Addressing 6-6 IPv6 Address Representation 6-6 IPv6 Address Prefix Text Representation 6-7 Provisioning Route Targets 6-8 Enabling IPv6 VRFs 6-12 Adding Route Targets with IPv4 and IPv6 Address Families 6-12 Deleting Route Targets with IPv4 and IPv6 Address Families 6-13 CHAPTER 7 MPLS Network Faults 7-1 MPLS Netwo
Contents CHAPTER Using Cisco ANA PathTracer in MPLS Networks 9 Cisco ANA PathTracer Tracing Capability 9-1 Using Cisco ANA PathTracer in MPLS Networks Cisco ANA PathTracer Starting Points 9-2 Cisco ANA PathTracer Endpoints 9-3 Cisco ANA PathTracer Windows A Using Cisco ANA PathTracer for Layer 3 VPN 9-6 Using Cisco ANA PathTracer for Layer 2 VPN 9-6 Running a VPN Leak Report 9-2 9-3 Using Cisco ANA PathTracer for MPLS TE Tunnels Viewing MPLS TE Tunnel Information 9-8 APPENDIX 9-1 9-7 A-1
Preface This guide describes how you can use Cisco Active Network Abstraction (Cisco ANA) to monitor and manage networks using Multiprotocol Label Switching (MPLS), and how to monitor and manage Virtual Private Networks (VPNs) run over MPLS networks. The guide describes how to use Cisco ANA to view information specific to VPNs, MPLS fault management, service impact analysis, and MPLS traffic engineering (TE) tunnels.
Preface Section Title Description 6 IPv6 VPN over MPLS Provides an overview of the IPv6 support in 6VPE network configurations. 7 MPLS Network Faults Provides an overview of MPLS network faults including MPLS, LSP, LDP, BGP, TE tunnels, and Layer 2 VPN alarms. 8 Impact Analysis in MPLS Networks Provides an overview of the impact analysis solution and supported scenarios. In addition, it describes calculating and viewing the affected and potentially affected parties in the VPN network.
Preface Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the publication. Tip Means the following information will help you solve a problem. Caution Means reader be careful. In this situation, you might perform an action that could result in equipment damage or loss of data.
Preface Cisco Active Network Abstraction 3.6.
CH A P T E R 1 Viewing MPLS VPNs The following topics provide an overview to Multiprotocol Label Switching (MPLS) virtual private network (VPN) technologies displayed by Cisco Active Network Abstraction (Cisco ANA) including the MPLS service view, business configuration, and maps: • Supported MPLS and VPN Technologies and Routing Protocols, page 1-1—Provides an overview to MPLS VPN technologies supported by Cisco ANA. • MPLS VPN Maps Overview, page 1-2—Provides an overview of MPLS VPN maps.
Chapter 1 Viewing MPLS VPNs MPLS VPN Maps Overview • Policy-Based Tunnel Selection (PBTS) for Cisco CRS-1 routers running Cisco IOS XR 3.6 software in MPLS or MPLS VPN networks. • Open Shortest Path First (OSPF). MPLS VPN Maps Overview Cisco ANA automatically discovers MPLS VPNs and displays their configurations and topologies in service view maps. The physical and logical inventory information that Cisco ANA discovers about network devices is displayed in network maps.
Chapter 1 Viewing MPLS VPNs VPN Topology Connections Layer 3 VPN Business Configuration The following business elements represent a Layer 3 VPN configuration: • Site (IP Interface)—Represents the VPN access point on the provider edge (PE) device. • Virtual Router—Represents a PE VRF. The Layer 3 VPN configuration hierarchy is composed of VPN business elements that in turn contain multiple virtual routers and sites.
Chapter 1 Viewing MPLS VPNs VPN Topology Connections Cisco ANA shows the actual tunnel state (up or down) for the Layer 2 logical link if discovered. The link appears with a minor severity (yellow) when the tunnel is down. Table 1-1 shows common MPLS VPN topology map icons. Table 1-1 Topology Topology Example Line Description Solid with arrows at either end. VPN topology (extranet). Solid with arrows at either end. VPN topology between virtual routers. Solid. Tunnel topology between LCPs.
Chapter 1 Viewing MPLS VPNs VPN Topology Connections Layer 3 VPN Map The Layer 3 VPN service view map presents existing Layer 3 VPNs in the network. At the top level, you can see inter-VPN (extranet) connections. Drilling down into each VPN presents the service view map, with the following: • Participating virtual routers and their associations with site entities. • Site entities and their associations with CE devices.
Chapter 1 Viewing MPLS VPNs VPN Topology Connections Figure 1-2 shows an example of the Cisco ANA NetworkVision window with an open service view map. Figure 1-2 Cisco ANA NetworkVision Window 1 Menu bar 5 Map pane 2 Toolbar 6 Ticket pane 3 Tree pane 7 Status bar 4 Aggregation 8 Hide or display ticket pane buttons The Cisco ANA NetworkVision window is divided into three areas or panes: Note • Tree pane. • Workspace, which includes the map pane, device view, and links view.
Chapter 1 Viewing MPLS VPNs VPN Topology Connections Tree Pane The Cisco ANA NetworkVision tree pane displays the VPN business elements in a tree and branch representation. Each business element is represented by an icon in a color that reflects the highest alarm severity. The icon might have a management state icon or alarm. Table 1-3 shows the tree and map pane icons. Table 1-3 Tree Pane Tree and Map Pane Icons Map Pane Represents Root (map name) or aggregation. VPN business element.
Chapter 1 Viewing MPLS VPNs VPN Topology Connections Map Pane The Cisco ANA NetworkVision map pane displays the VPN business elements and aggregated business elements loaded in the service view map, along with the names of the business elements. In addition, the map pane displays the VPN topology (between the virtual routers in the VPNs) and the topology and associations between other business elements. After you select the root in the tree pane, the service view map displays all the VPNs.
CH A P T E R 2 Managing MPLS VPN Maps The following topics tell you how to change service view maps by adding and removing VPNs and connecting CE devices. They also tell you how to create and dissolve aggregations. Topics include: • Adding a VPN to a Map, page 2-1—Describes how to add a VPN to the currently displayed service view map. • Removing a VPN from a Map, page 2-2—Describes how to change the service view map by removing a VPN from the currently active map.
Chapter 2 Managing MPLS VPN Maps Removing a VPN from a Map • Step 3 Select the VPN that you want to add to the map. Tip Step 4 VPNs that you manually created that are not yet loaded in the map. Press Shift or Ctrl to choose multiple adjoining or non adjoining VPNs. Click Add. The VPN is loaded in the service view map displayed in the Cisco ANA NetworkVision workspace. Step 5 Click Close. Removing a VPN from a Map You can remove one or more VPNs from the current active map.
Chapter 2 Managing MPLS VPN Maps Disconnecting a CE Device Note Device alarm tickets do not appear in the ticket pane of the Cisco ANA NetworkVision workspace until the device is added to the VPN service view map. Step 5 Click Close to close the Device List dialog box. Step 6 Right-click the site or LCP in the tree or map pane and choose Topology > Connect CE Device.
Chapter 2 Managing MPLS VPN Maps Creating an Aggregated Node The connected CE devices are hidden in the tree and map panes. Table 2-1 shows the displayed icons. Table 2-1 Icon Hidden Device Icons Description Site with one or more hidden connected devices. LCP with one or more one hidden connected devices. You can also manually remove the connected devices (some or all them) in order to hide them along with the links to sites or LCPs.
Chapter 2 Managing MPLS VPN Maps Disaggregating an Aggregated Node Step 3 Click Yes. The node is separated into its parts. Cisco Active Network Abstraction 3.6.
Chapter 2 Managing MPLS VPN Maps Disaggregating an Aggregated Node Cisco Active Network Abstraction 3.6.
CH A P T E R 3 Managing VPN Business Configurations The following topics tell you how to change business configurations using the functionality provided in service view maps. For more information about business configurations, see VPN Business Configurations, page 1-2. Note All operations described in this chapter affect elements on the current map. The operations do not affect other maps. • Creating a VPN, page 3-1—Describes how to manually create VPNs.
Chapter 3 Managing VPN Business Configurations Creating a VPN Step 4 In the Create VPN dialog box, enter the following: • Name—Enter a unique name for the new VPN. Note • Icon—If you want to use a custom icon for the VPN, click the button next to the Icon field and navigate to the icon file. Note • Step 5 VPN business element names are case sensitive. If a path is not specified to an icon the default VPN icon is used (for more information about icons see Table 1-3 on page 1-7).
Chapter 3 Managing VPN Business Configurations Moving a Virtual Router Moving a Virtual Router You can move a virtual router (including its sites) from one VPN to another after you create a VPN and add it to the service view map. Note Moving a virtual router moves all of its sites as well. To move a virtual router: Step 1 In the Cisco ANA NetworkVision tree pane or the map pane, right-click the virtual router and choose Edit > Move selected.
Chapter 3 Managing VPN Business Configurations Removing a Tunnel Figure 3-1 Step 2 Add Tunnels Dialog Box Select the tunnel or stranded peer and click Add. One of the following occurs: • If the tunnel or stranded peer is added under an LCA, the link between the peers appears in the map pane.
Chapter 3 Managing VPN Business Configurations Creating an LCA Creating an LCA You can manually create an LCA and populate it by moving LCPs and tunnels to it. Refer to the “Moving an LCP” section on page 3-6 and the “Adding a Tunnel to a VPN” section on page 3-3. To create an LCA: Step 1 In the Cisco ANA NetworkVision window tree or map pane, right-click the VPN and choose Create LCA. Step 2 In the Create LCA dialog box, enter a unique name for the new LCA. Step 3 Click OK. The new LCA is created.
Chapter 3 Managing VPN Business Configurations Moving an LCP Moving an LCP You can move an LCP to another VPN or LCA in the service view map. To move an LCP: Step 1 In the Cisco ANA NetworkVision tree or map pane, right-click the LCA and choose Edit > Move selected. Step 2 Right-click the VPN or LCA to which you want to move the LCP and choose Edit > Move here. The LCP moves to the VPN or LCA and is displayed in the tree and map panes of the selected VPN or LCA.
Chapter 3 Managing VPN Business Configurations Deleting a Business Element Deleting a Business Element You can delete business elements from the business model (database). However, if you delete a business element from the database, it can no longer be viewed in the Add Business Element to dialog box. You generally delete business elements only when the physical elements no longer exist.
Chapter 3 Managing VPN Business Configurations Deleting a Business Element Cisco Active Network Abstraction 3.6.
CH A P T E R 4 Viewing MPLS VPN Properties The following topics tell you how to use Cisco ANA to view the properties of VPNs, sites, virtual routers, and VRF instances. Topics include: • Viewing VPN Properties, page 4-1—Tells you how to view VPN properties. • Viewing Site Properties, page 4-1—Tells you how to view site properties. • Viewing Virtual Router Properties, page 4-2—Tells you how to view virtual router properties.
Chapter 4 Viewing MPLS VPN Properties Viewing Virtual Router Properties Step 2 In the Router IP Interface Properties window, view the following site properties: • Name—The name of the site; for example, ATM4/0.100(10.0.0.1) is a combination of the interface name and IP address used to reach the site. • Mask—The mask of the specific network. • Sending Alarms—Whether the alarm for the required port has been enabled (true) or disabled (false). • IP Address—The IP address of the interface.
Chapter 4 Viewing MPLS VPN Properties Viewing Virtual Router Properties Figure 4-1 VRF Properties 1 2 3 4 5 6 Step 2 1 IPv4 Address Family tab 2 IPv6 Address Family tab 3 Export route targets 4 Import route targets 5 Sites tab 6 VRF table In the VRF Properties window, view the following VRF properties: Note The VRF Properties window only displays properties and attributes that are provisioned in the VRF. You might not see all the fields and tabs described here.
Chapter 4 Viewing MPLS VPN Properties Viewing Virtual Router Properties • Sites—Displays the interfaces connected to the VRF. Properties include: – Interface—A hyperlink that displays the inventory window for the IP interface linked to the site on the PE side. – Name—The name of the site; for example, ATM4/0.100(10.0.0.1) is a combination of the interface name and IP address used to reach the site. – IP Address—The IP address of the interface. – Mask—The subnet mask.
Chapter 4 Viewing MPLS VPN Properties Viewing VRF Properties in the Inventory Window Note You can also open a VRF table by right-clicking the virtual router in the Cisco ANA NetworkVision tree or map pane and selecting Open VRF Table. For more information about the columns displayed in the VRF Table window, see Viewing Virtual Router Properties, page 4-2.
Chapter 4 Viewing MPLS VPN Properties Viewing VRF Properties in the Inventory Window Figure 4-2 VRF Properties From a Device Inventory Window 3 1 2 1 Logical Inventory 2 VRFs provisioned on the device 3 VRF properties To view VRFs provisioned on a device: Step 1 Right-click a device in the Cisco ANA NetworkVision tree or map pane and choose Inventory. Step 2 In the tree pane, expand the Logical Inventory tree to display the VRFs.
Chapter 4 Viewing MPLS VPN Properties Working with the VPN Service Overlay Working with the VPN Service Overlay In addition to network and service view maps, you can select and display an overlay of a specific VPN on top of the devices displayed on the network map. The overlay is a snapshot of the network that visualizes the flows between the sites and tunnel peers.
Chapter 4 Viewing MPLS VPN Properties Working with the VPN Service Overlay • Overlay information, such as link and layer details • Callouts for the VPN network Displaying or Hiding Overlays You can quickly display or hide a previously defined overlay of a specific VPN on top of the physical devices displayed on the network map in the map pane. To show or hide the overlay: Step 1 Select and display the required network map in the Cisco ANA NetworkVision window.
Chapter 4 Viewing MPLS VPN Properties Working with the VPN Service Overlay 1 Details of the link and the direction. In this 3 example, the link is from P-North to PE-West. Details of sites using the link and interconnections. In this example, the site PE-West is connected to all sites on PE-South. 2 Details of the sites using the link and interconnections. In this example, the site PE-88 is connected to site PE-West. 4 Details of the link and the direction.
Chapter 4 Viewing MPLS VPN Properties Working with the VPN Service Overlay Cisco Active Network Abstraction 3.6.
CH A P T E R 5 Viewing MPLS Logical Inventory The following topics describe the device logical inventory specific to MPLS VPNs including routing entities, LSEs, BGP neighbors, Multiprotocol BGP (MP-BGP), VRF instances, and pseudowire and TE tunnels. Topics include: Note • MPLS VPN Logical Inventory Overview, page 5-1—Introduces the concepts of physical and logical inventory.
Chapter 5 Viewing MPLS Logical Inventory Viewing MPLS VPN Properties Viewing MPLS VPN Properties Cisco ANA maintains a real-time, autodiscovered, physical and logical inventory of the network elements and the relationships among them. Cisco ANA automatically reflects every addition, deletion, and modification that occurs in the network. MPLS VPN logical inventory information displayed in the inventory window changes according to the item selected in the tree pane.
Chapter 5 Viewing MPLS Logical Inventory Viewing MPLS VPN Properties Figure 5-1 Inventory Window 1 2 3 4 Step 3 Step 4 1 Device inventory window 3 Logical inventory 2 Logical inventory container groups 4 Physical inventory To view the specific MPLS VPN properties, see the following sections: • Viewing Routing Entities, page 5-4 • Viewing the ARP Table, page 5-5 • Viewing Rate Limit Information, page 5-5 • Label Switching Table Tab, page 5-6 • Traffic Engineering LSPs Tab, page 5-7
Chapter 5 Viewing MPLS Logical Inventory Viewing MPLS VPN Properties Viewing Routing Entities The Routing Entity logical inventory branch displays the following routing entity information: • Changes Number—The number of changes to the currently displayed routing entity. • Name—The name of the routing entity. The IP Interfaces tab includes the following information: • Name—The site name; for example, ATM4/0.100(10.0.0.1) is a combination of the interface name and IP address used to reach the site.
Chapter 5 Viewing MPLS Logical Inventory Viewing MPLS VPN Properties • Routing Protocol—The routing protocol used to communicate with other routers. • Sending Alarms—This option is currently unavailable. • Outgoing Interface Name—The name of the outgoing interface; displayed if the Routing Protocol type is local. Viewing the ARP Table The ARP Entity branch displays the following Address Resolution Protocol (ARP) information: • MAC—The interface MAC address. • Interface—The interface name.
Chapter 5 Viewing MPLS Logical Inventory Viewing MPLS VPN Properties Viewing a Label Switched Entity The LSEs logical inventory branch displays incoming and outgoing label information.
Chapter 5 Viewing MPLS Logical Inventory Viewing MPLS VPN Properties Traffic Engineering LSPs Tab The Traffic Engineering LSPs tab describes the MPLS traffic engineering Label Switched Paths (LSPs) provisioned on the switch entity. MPLS traffic engineering LSP, an extension to MPLS TE, provides flexibility when configuring LSP attributes for MPLS TE tunnels. Traffic engineering LSP properties include: • LSP Type—The LSP role: head, tail, middle, all, remote • Source Address—The source IP address.
Chapter 5 Viewing MPLS Logical Inventory Viewing MPLS VPN Properties Two LDP peer discovery types are supported: Note • Basic discovery—Used to discover directly connected LDP LSRs. An LSR sends hello messages to the all-routers-on-this-subnet multicast address, on interfaces for which LDP has been configured. • Extended discovery—Used between indirectly connected LDP LSRs. An LSR sends targeted hello messages to specific IP addresses.
Chapter 5 Viewing MPLS Logical Inventory Viewing MPLS VPN Properties Viewing MP-BGP Information The MP-BGP branch displays information about a router’s BGP neighbors. Clicking the high-level MP-BGP category displays the following property in the Cisco ANA workspace: • MPBGP—The MP-BGP peer running on the local router. Right-clicking MP-BGPs and choosing Properties displays the same property in the MPBGPs - FW Component Container Properties window.
Chapter 5 Viewing MPLS Logical Inventory Viewing MPLS VPN Properties • Name—The name of the VRF. The Export/Import Route Targets areas displayed in the VRF Properties dialog box specify separately the export and import policies for each VRF. The VRF Properties dialog box is divided into two tabs, namely, the Sites and VRF Table tabs. The sites tab displays the interfaces connected to the VRF and the configuration of the interfaces.
Chapter 5 Viewing MPLS Logical Inventory Viewing Port Configuration Step 5 • Sending Alarms—This option is currently unavailable. • Outgoing Int Name—The name of the outgoing interface; displayed if the Routing Protocol type is local. Press Ctrl + F4 to close the VRF Properties window.
Chapter 5 Viewing MPLS Logical Inventory Viewing Pseudowire End-to End Emulation Tunnels • Mask—The details of the dotted decimal mask. • VC—If the subinterface is defined above an ATM or Frame-Relay physical interface and it uses a VC-based encapsulation, it is the VC used in this encapsulation. • IP Interface—A hyperlink that displays the VRF properties in the inventory window for the IP interface. • VRF Name—The name of the VRF.
Chapter 5 Viewing MPLS Logical Inventory Viewing MPLS TE Tunnel Information • Tunnel ID—The identifier that, along with the router IP addresses of the two tunnel edges, identifies the PWE3 tunnel. • Peer Router IP—The IP of the peer tunnel edge, which is used as the MPLS router ID. • Signaling Protocol—The protocol used by MPLS to build the tunnel, for example, LDP or TDP. • Sending Alarms—This option is currently unavailable.
Chapter 5 Viewing MPLS Logical Inventory Viewing Access List Information The Traffic Engineering LSPs Label Switching sub-branch displays the TE tunnel LSP information. Devices that have LSPs running TE tunnels (either as a head end, mid-point, or a tail end), display the following information: • LSP Type—The type of LSP: – Head—A tunnel starting at this device. – Midpoint—A tunnel passing through this device. – Tail—A tunnel terminating at this device.
Chapter 5 Viewing MPLS Logical Inventory Viewing Access List Information • Action—The type of action that will occur when the rules are met: – Permit—If the rules match, proceeds to the next rule. – Deny—If the rules do not match, does not proceed to the next rule. • Protocol—The type of protocol that is checked, for example, IP, TCP, ICMP, and other protocols. • Source—The packet source IP address.
Chapter 5 Viewing MPLS Logical Inventory Viewing Access List Information Cisco Active Network Abstraction 3.6.
CH A P T E R 6 IPv6 VPN over MPLS IPv6 VPN over MPLS, also known as 6VPE, uses the existing MPLS IPv4 core infrastructure for IPv6 transport to enable IPv6 sites to communicate over an MPLS IPv4 core network using MPLS label switch paths (LSPs). 6VPE relies on MP-BGP extensions in the IPv4 network configuration on the PE router to exchange IPv6 reachability information.
Chapter 6 IPv6 VPN over MPLS 6VPE Overview 6VPE Overview Figure 6-1 illustrates the 6VPE network architecture and control plane protocols when two IPv6 sites communicate through an MPLS IPv4 backbone. Figure 6-1 Customer#1 site1 6VPE Network Architecture Default routing table 2001:100:1:1000::/56 200.14.14.1 Customer#1 site2 routing table “red” 2001:100:1:2000::/56 BGP table CE CE1 5 1 200.11.11.1 200.10.10.
Chapter 6 IPv6 VPN over MPLS Viewing IPv4 and IPv6 Addresses Viewing IPv4 and IPv6 Addresses Cisco ANA transparently handles IPv4 and IPv6 addresses within the limitations described in the “Cisco ANA 6VPE Support Limitations” section on page 6-5. Cisco ANA NetworkVision displays IPv6 addresses when they are configured on PE and CE routers in the Cisco ANA NetworkVision IP interface table.
Chapter 6 IPv6 VPN over MPLS Viewing IPv4 and IPv6 Addresses Figure 6-2 Port with IPv4 and IPv6 Addresses 1 2 3 4 5 6 1 Port interface 2 Port subinterface table 3 Primary IPv4 address 4 Properties window 5 Primary IPv4 address 6 IPv6 addresses Figure 6-3 shows a Cisco CRS-1 port with only IPv6 addresses provisioned. In this example, the lowest IPv6 address is shown in the subinterface table, and all IPv6 addresses are shown in the interface properties window.
Chapter 6 IPv6 VPN over MPLS Cisco ANA 6VPE Support Limitations Figure 6-3 Port with IPv6 Addresses 1 2 3 4 5 1 Port interface 2 Port subinterface table 3 Lowest IPv6 address 4 Properties window 5 All IPv6 addresses Cisco ANA 6VPE Support Limitations Cisco ANA 6VPE support is limited to devices and software versions shown in Table 6-2. Table 6-2 Supported 6VPE Devices Device Software Version Notes Cisco CRS-1 Carrier Routing System XR 3.7.1 6VPE device in an L3 VPN network.
Chapter 6 IPv6 VPN over MPLS IPv6 Addressing • The Cisco ANA NetworkVision VRF table does not display IPv6 VRF routing information. • If an interface or subinterface does not have an IPv4 or IPv6 IP address, the interface is not discovered and not shown in Cisco ANA NetworkVision. • The Layer 1 topology between 6VPE and an IPv6 CE is discovered only when CDP is enabled. • BGP neighbor discovery does not occur between PE and CE interfaces configured with IPv6 addresses only.
Chapter 6 IPv6 VPN over MPLS IPv6 Addressing Table 6-3 IPv6 Addresses with Compression Address Type Non-Compressed IPv6 Address Compressed IPv6 Address Unicast 1080:0:0:0:8:800:200C:417A 1080::8:800:200C:417A Multicast FF01:0:0:0:0:0:0 FF01::101 Loopback 0:0:0:0:0:0:0:1 ::1 Unspecified 0:0:0:0:0:0:0:0 :: In mixed IPv4 and IPv6 address nodes, the format x:x:x:x:x:x:d.d.d.
Chapter 6 IPv6 VPN over MPLS Provisioning Route Targets If a prefix length is not explicitly specified, it is calculated as the number of furthest left significant bits in the subnet address. Provisioning Route Targets Cisco ANA 3.6.6 allows you to create VRF route targets and assign IPv4 and IPv6 address families to them using one of the following methods: • In the Cisco NetworkVision device logical inventory, right-click a VRF and choose Add Route Target (see Figure 6-4).
Chapter 6 IPv6 VPN over MPLS Provisioning Route Targets Figure 6-5 Note Command Builder Route Target Commands To assign address families to VPN communities, the VRF must have been created with the vrf definition Cisco IOS command. Address families cannot be assigned to VRFs created with the ip vrf command.
Chapter 6 IPv6 VPN over MPLS Provisioning Route Targets Figure 6-6 1 2 Add Route Target Export with Address Family Dialog Box 3 4 5 6 7 1 Input tab 2 Result tab 3 VPN Community field 4 Route Target field 5 Address Family field 6 Preview button 7 Execute button You can click Preview to preview the command sequence in the Result tab (Figure 6-7). Cisco Active Network Abstraction 3.6.
Chapter 6 IPv6 VPN over MPLS Provisioning Route Targets Figure 6-7 Add Route Target Export with Address Family Preview After you execute the command on the device, you view the commands that were executed on the device in the Result tab (Figure 6-8). Figure 6-8 Execution Results for Add Route Target Export with Address Family Cisco Active Network Abstraction 3.6.
Chapter 6 IPv6 VPN over MPLS Provisioning Route Targets Use the following procedures to enable IPv6 VRFs and add or delete route targets with IPv4 and IPv6 address families: • Enabling IPv6 VRFs, page 6-12 • Adding Route Targets with IPv4 and IPv6 Address Families, page 6-12 • Deleting Route Targets with IPv4 and IPv6 Address Families, page 6-13 Enabling IPv6 VRFs To configure a VRF with an IPv6 address family, IPv6 VRF must be enabled on the device.
Chapter 6 IPv6 VPN over MPLS Provisioning Route Targets Step 5 If you want to preview the route target, click Preview. The Result tab displays the commands that will be executed on the device. Step 6 Click Execute. The Result tab displays the commands that were executed on the device. Step 7 Click Close to close the window.
Chapter 6 IPv6 VPN over MPLS Provisioning Route Targets Figure 6-9 Deleting Route Targets 3 4 5 1 2 Cisco Active Network Abstraction 3.6.
CH A P T E R 7 MPLS Network Faults The following topics describe the alarms that Cisco ANA detects and reports for MPLS, LSP, LDP, BGP, TE tunnels, and Layer 2 VPNs. Topics include: Note • MPLS Network Alarms Overview, page 7-1—Provides a summary of the MPLS and VPN alarms supported in Cisco ANA. • BGP Neighbor Loss Alarm, page 7-2—Describes the BGP Neighbor Loss alarm. • BGP Process Down Alarm, page 7-3—Describes the BGP Process Down alarm.
Chapter 7 MPLS Network Faults BGP Neighbor Loss Alarm Table 7-1 MPLS Network Alarms Supported by Cisco ANA Alarm Default Severity Description Up Alarm BGP Neighbor Loss Red (critical) Generated whenever BGP connectivity is lost to a specific device. BGP Neighbor Found Broken LSP Discovered Orange (major) Activates a backward flow on the untagged N/A entry to traverse the full LSP path passing through it.
Chapter 7 MPLS Network Faults BGP Process Down Alarm The BGP Neighbor Loss alarm is detected actively by the system and service alarms are generated. The system also supports BGP neighbor down syslogs. When the VNE BGP component polls the BGP neighbor status (expedite or normal polling) and finds an entry for a neighbor no longer exists or its state changed from Established to another state, the BGP component issues a BGP Neighbor Loss alarm.
Chapter 7 MPLS Network Faults LDP Neighbor Down Alarm Figure 7-1 Example of an MPLS Black Hole Scenario VPN1 PE2 Provider network VPN3 P2 PE3 VPN3 154563 VPN1 In this case, Cisco ANA does the following: • Identifies untagged label switching entries on P2 and PE3. • Issues MPLS Black Hole Found alarms on the interfaces on both sides of the link (since the LSP is unidirectional).
Chapter 7 MPLS Network Faults MPLS Black Hole Found Alarm If a session to an LDP neighbor goes down, an LDP Neighbor Down alarm is issued. This can happen as the result of a failure in the TCP connection used by the LDP session, or if the interface is no longer running MPLS. The LDP neighbor down alarm is cleared by a corresponding LDP Neighbor Up alarm. The alarm is issued when a peer is removed from the table in the LDP Neighbors tab.
Chapter 7 MPLS Network Faults Pseudo Wire MPLS Tunnel Down Alarm For Cisco CRS-1 routers running Cisco IOS XR 3.6 software and using PBTS in MPLS or MPLS VPN networks, Cisco ANA supports the following ubalarms for the MPLE TE Tunnel Down alarm: • High Priority MPLS TE Tunnel Down • Medium Priority MPLS TE Tunnel Down • Low Priority MPLS TE Tunnel Down The specific subalarm that is generated depends on the EXP bit specified for the traffic.
CH A P T E R 8 Impact Analysis in MPLS Networks The following topics provide an overview of the service impact analysis solution and supported scenarios, which are used in VPN networks that are based on MPLS, including Layer 3 and Layer 2 VPNs. In addition, theybriefly describes proactive and automatic impact analysis. • Service Impact Analysis Overview, page 8-1—Describes the service impact analysis solution.
Chapter 8 Impact Analysis in MPLS Networks Service Impact Analysis For MPLS-Based VPN Services Note The reported impact severities vary between fault scenarios. For more information about specific support for each fault scenario, see Supported Fault Scenarios, page 8-3. Note After the alarm clears, no Clear state for the affected services is generated. However, you can verify that the alarm cleared by checking the Alarm Clear State column in the Affected Parties tab of the Ticket Properties window.
Chapter 8 Impact Analysis in MPLS Networks Supported Fault Scenarios Figure 8-1 shows an example with two PEs, A and B, and a VRF in the same VPN. The Layer 3 VPN faults that are reported are AX – BX. Figure 8-1 Layer 3 VPN Example Pseudowire (L2 VPN) Report When a pseudowire tunnel goes down and an alarm occurs, the affected service resources are calculated by tracing the LSP to the edge of the pseudowire tunnel and collecting the affected pairs from both sides of the pseudowire tunnel.
Chapter 8 Impact Analysis in MPLS Networks Supported Fault Scenarios Link Down Scenario Table 8-1 shows the impact calculations and reported affected severities for a link down fault scenario. Table 8-1 Link Down Scenario Impact and Affected Severity Description Impact calculation Reported affected severity Initiates an affected flow to determine the affected parties using the LSPs traversing the link. • The Link Down alarm creates a series of affected severity updates over time.
Chapter 8 Impact Analysis in MPLS Networks Supported Fault Scenarios BGP Neighbor Loss Scenario Table 8-3 shows the impacted calculations and reported affected severities for a BGP neighbor loss fault scenario. Table 8-3 BGP Neighbor Loss Scenario Impact and Affected Severity Description Impact calculation Reported affected severity • Initiates a local affected flow to all VRFs that are present on the issuing device.
Chapter 8 Impact Analysis in MPLS Networks Supported Fault Scenarios Figure 8-2 Route Reflector Example Router A (RR) IF 3 IF 1 IF 2 IF 1 Router D IF 2 Router B IF 2 IF 1 Router C 154564 IF 1 In the example, the following configuration is applied: • Router A (router ID A) has clients configured B, C, and D. Therefore it serves as the route reflector for these BGP routers. • Routers B, C, and D all have Router A as a BGP non-client neighbor.
Chapter 8 Impact Analysis in MPLS Networks Supported Fault Scenarios • Router D notes that the ID of Router B is no longer learned through interface 2. • No impact analysis is performed. Broken LSP Discovered Scenario Table 8-4 shows the impacted calculations and reported affected severities for a broken LSP discovered fault scenario.
Chapter 8 Impact Analysis in MPLS Networks Supported Fault Scenarios Cisco Active Network Abstraction 3.6.
CH A P T E R 9 Using Cisco ANA PathTracer in MPLS Networks The following topics describe how you can use the Cisco ANA PathTracer for Layer 2 and Layer 3 VPNs, and for MPLS TE tunnels: • Cisco ANA PathTracer Tracing Capability, page 9-1—Provides a brief description of Cisco ANA PathTracer. • Using Cisco ANA PathTracer in MPLS Networks, page 9-2—Tells you how to use Cisco ANA PathTracer.
Chapter 9 Using Cisco ANA PathTracer in MPLS Networks Using Cisco ANA PathTracer in MPLS Networks Cisco ANA PathTracer enables you to view multiple paths between the source and the destination (or from a source to number of destinations) in the Cisco ANA PathTracer multipath window, or to view a selected single path in the Cisco ANA PathTracer single-path window: Note • Cisco ANA PathTracer multipath window—Displays all the discovered paths available between the selected source and destination, includ
Chapter 9 Using Cisco ANA PathTracer in MPLS Networks Cisco ANA PathTracer Windows Table 9-1 Cisco ANA PathTracer Starting Points (continued) Element Location Start Options Business tag attached to the VPI/VCI or IP interface The path can be found using a business tag, which is attached to the VPI/VCI or IP interface by entering its key. It can then be opened from the Find Business Tag window. To IP Destination Layer 2 MPLS Tunnel Inventory window. To IP Destination LCP Service view map.
Chapter 9 Using Cisco ANA PathTracer in MPLS Networks Cisco ANA PathTracer Windows Figure 9-1 Cisco ANA PathTracer Multipath Window 1 Menu bar 2 Toolbar 3 Map path traced at... tabs 4 Map pane 5 Status bar 6 Paths pane The Cisco ANA PathTracer single-path window (Figure 9-2) displays the discovered-path devices and links, as well as path layer properties. The Cisco ANA PathTracer single-path window enables you to: • View a map of the intermediate network elements.
Chapter 9 Using Cisco ANA PathTracer in MPLS Networks Cisco ANA PathTracer Windows Figure 9-2 Cisco ANA PathTracer Single-Path Window 1 Menu bar 2 Toolbar 3 Map pane 4 Status bar 5 Layer tabs 6 Properties table 7 Hide or display Properties table The Cisco ANA PathTracer single-path window displays information regarding each device. The information is either plain data that was extracted from the device or calculated data such as rates or statistics.
Chapter 9 Using Cisco ANA PathTracer in MPLS Networks Using Cisco ANA PathTracer for Layer 3 VPN Using Cisco ANA PathTracer for Layer 3 VPN Cisco ANA Path Tracer uses VRF routing and label switching information to trace the path from one VRF interface to another. If you choose a start and endpoint from the right-click menu, you can open the Cisco ANA PathTracer for Layer 3 VPNs. The Cisco ANA PathTracer multipath window shows the VPN topology map.
Chapter 9 Using Cisco ANA PathTracer in MPLS Networks Using Cisco ANA PathTracer for MPLS TE Tunnels To view Layer 2 path information, choose the Layer 2 tab and choose Show All from the View menu. The path information is displayed in the active tab. Note Selecting a device or link on the map automatically highlights the related parameters in the table. Layer 2 properties that may be displayed in the Layer 2 tab relating specifically to VPNs include: • Outer Label—The details of the outer MPLS label.
Chapter 9 Using Cisco ANA PathTracer in MPLS Networks Using Cisco ANA PathTracer for MPLS TE Tunnels Viewing MPLS TE Tunnel Information Layer 2 and Layer 3 Cisco ANA PathTracer information is displayed in the Cisco ANA PathTracer windows when a path is traced over MPLS TE tunnels. To view Layer 2 path information, choose the Layer 2 tab and choose Show All from the View menu. The path information is displayed in the active tab.
A P P E N D I X A Running a VPN Leak Report The VPN leak report lists all the leaks that exist between VPNs. You implement the VPN leak report command using Broadband Query Language (BQL). BQL is a generic machine interface language implemented by the Cisco ANA gateway for general northbound integration. BQL covers all Cisco ANA functionality. Note You should be familiar with BQL structure before you run the VPN Leak Report command.
Appendix A Running a VPN Leak Report Cisco Active Network Abstraction 3.6.
INDEX Numerics 6VPE, and Cisco ANA 6-3 1-3 Layer 3 1-3 overview 6VPE, network architecture 6VPE, overview Layer 2 6-2 1-2 business configurations 6-2 3-6, 3-7 See also VPN, LCA, LCP 6VPE, support limitations 6-5 C A callouts, VPN service overlay access lists, viewing 5-14 CE Address family, assigning using Cisco ANA NetworkVision 6-8 disconnecting in maps Add route target, with address family execution results 6-11 linking in maps Add route target with address family, preview displa
Index impact analysis LDP moving 8-1 LCP 7-4 MPLS 3-5 adjacent 7-5 summary disconnecting in map 7-1 supported scenarios traffic engineering 3-6 2-3 displaying or hiding CE 8-3 linking in map 7-5 moving 2-3 2-2 3-6 LDP I faults technology support icons maps 7-4 leak reports (VPN) 1-7 topology Link Down alarm 1-4 impact analysis A-1 8-4 Link Overutilized alarm 8-1 service, MPLS-based VPN IPv4 and IPv6 route targets, deleting IPv6, addresses with compression IPv6, address
Index access lists, viewing ARP table PathTracer 5-9 endpoints 7-5 impact analysis 9-3 GUI overview 8-2 LSEs, viewing maps P 5-5 BGPs, viewing faults 5-14 overview 5-6 9-3 9-1 starting points 1-2 PathTracer and PBTS technology support 9-2 properties, viewing PWE3s, viewing rate limit information ports, viewing configuration Provisioning, route targets VRFs, viewing 6-8 Pseudo Wire (L2 VPN) MPLS Tunnel Down alarm 7-6 5-13 traffic engineering, support 1-1 pseudowire 1-1 TE T
Index MPLS properties overlays 5-1, 5-2 4-7, 4-8 overview VPNs business configuration (Layer 3) 1-3 3-1 icons, maps 2-2 Layer 2 faults 3-3, 3-4 virtual routers 1-3 creating 1-2 removing VPNs tunnels business configuration (Layer 2) leak reports sites maps, MPLS 2-4 disconnecting in map 2-3 displaying or hiding CD linking in map overview 2-3 removing from map 2-2 1-2, 4-1 1-3 virtual routers 1-2 1-2 4-1 sites 4-2 VRF 4-1 cross-VRF routing entries inventory details T view
