MCP uses OpenContrail with vMX routers in its cloud deployments as they provide a rich set of features particularly beneficial for NFV use cases and which allow easy network scale-out.
Note
Warning
For this section vSRX has been used instead of vMX, but the process is same for both of them.
To troubleshoot the vMX router:
Log in to a Mirantis OpenContrail controller ntw
node.
Verify the BGP Routers configuration using the Introspect section in web UI. Web UI is accessible directly or through HAProxy with the port 9100.
curl http://control01:8082/bgp-routers
The command above returns a list of all routers defined in the OpenContrail cluster.
Example of system response:
{
"bgp-routers": [
{
"uuid": "443af522-2463-4960-a2b3-77b6b6a46fef",
"fq_name": [
"default-domain",
"default-project",
"ip-fabric",
"__default__",
"ntw03"
],
"href": "http://10.167.4.20:8082/bgp-router/443af522-2463-4960-a2b3-77b6b6a46fef"
},
...
{
"uuid": "8af298c2-2a12-452b-86ce-54bff3ce2d9d",
"fq_name": [
"default-domain",
"default-project",
"ip-fabric",
"__default__",
"vsrx1"
],
"href": "http://10.167.4.20:8082/bgp-router/8af298c2-2a12-452b-86ce-54bff3ce2d9d"
}
]
}
Display the detailed information about the vRouter using the URL from the command above:
curl http://10.167.4.20:8082/bgp-router/443af522-2463-4960-a2b3-77b6b6a46fef
Example of system response:
{
"bgp-router": {
"name": "vsrx1",
...
"fq_name": [
"default-domain",
"default-project",
"ip-fabric",
"__default__",
"vsrx1"
],
"bgp_router_refs": [
{
"uuid": "fb39d3e8-6be0-4e69-b13d-bd69c1685c6c",
"attr": {
"session": ....
},
"href": "http://10.167.4.22:9100/bgp-router/fb39d3e8-6be0-4e69-b13d-bd69c1685c6c",
"to": [
"default-domain",
"default-project",
"ip-fabric",
"__default__",
"ntw03"
]
},
{
"uuid": "426affc9-b05c-47d8-b0ba-ffe72e59d984",
"attr": {
"session": .....
},
"href": "http://10.167.4.22:9100/bgp-router/426affc9-b05c-47d8-b0ba-ffe72e59d984",
"to": [
"default-domain",
"default-project",
"ip-fabric",
"__default__",
"ntw02"
]
},
{
"uuid": "50f1a77e-9807-4024-b889-f771f2b97835",
"attr": {
"session": .....
},
"href": "http://10.167.4.22:9100/bgp-router/50f1a77e-9807-4024-b889-f771f2b97835",
"to": [
"default-domain",
"default-project",
"ip-fabric",
"__default__",
"ntw01"
]
}
],
"display_name": "vsrx1",
"uuid": "2097b2c0-65ac-4c2f-ab0b-aaef2bf9e95a",
"parent_uuid": "8356722f-02d9-4a57-baaf-1f5013e263f5",
"parent_href": "http://10.167.4.22:9100/routing-instance/8356722f-02d9-4a57-baaf-1f5013e263f5",
"parent_type": "routing-instance",
"bgp_router_parameters": {
"address_families": {
"family": [
"route-target",
"inet-vpn",
"e-vpn",
"inet6-vpn"
]
},
"autonomous_system": 64512,
"hold_time": 0,
"identifier": "10.167.4.100",
"router_type": "router",
"source_port": null,
"gateway_address": null,
"vendor": "mx",
"admin_down": false,
"ipv6_gateway_address": null,
"port": 179,
"local_autonomous_system": null,
"auth_data": null,
"address": "10.167.4.100"
},
"perms2": {
"share": [],
"global_access": 0,
"owner_access": 7,
"owner": "cloud-admin"
},
"href": "http://10.167.4.22:9100/bgp-router/2097b2c0-65ac-4c2f-ab0b-aaef2bf9e95a"
}
}
In the output above, you can verify such important parameters as
autonomous_system
, vendor
, and others.
Log in to the vMX/vSRX router.
Verify peer BGR routers and the AS number:
root@vsrx1% cli
root@vsrx1> show bgp summary
Example of system response:
Groups: 1 Peers: 3 Down peers: 0
Unconfigured peers: 3
Table Tot Paths Act Paths Suppressed History Damp State Pending
bgp.l3vpn.0 54 27 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.167.4.21 64512 66176 66588 0 0 3w1d23h Establ
bgp.l3vpn.0: 0/0/0/0
10.167.4.22 64512 117437 100892 0 0 4w6d20h Establ
bgp.l3vpn.0: 27/27/27/0
public.inet.0: 5/5/5/0
10.167.4.23 64512 85912 69311 0 0 3w2d21h Establ
bgp.l3vpn.0: 0/27/27/0
public.inet.0: 0/5/5/0
View the current configuration:
root@vsrx1> show configuration routing-options
Example of system response:
route-distinguisher-id 10.109.3.250;
autonomous-system 64512;
dynamic-tunnels {
dynamic_overlay_tunnels {
source-address 10.167.4.100;
gre;
destination-networks {
10.109.3.0/24;
172.16.10.0/24;
10.167.4.0/24;
}
}
}
Note
The command above returns current configuration. When you want
to view the latest changes, use compare rollback
:
root@vsrx1> show configuration | compare rollback 1
- source-address 10.167.4.20;
+ source-address 10.167.4.100;
The number after rollback
signifies the number of commit to
which to compare this configuration.
If you have a BGP peer down error with incorrect family:
Verify the BGP peer UVE:
curl http://nal01:9081/analytics/uves/bgp-peers
User Visible Entities are OpenContrail resources, such as virtual network, virtual machines, vrouter, routing-instances, and so on. UVE APIs are used to query these resources.
Search for the vMX/vSRX BGP peer by name in the list.
In the sample output, families
is the family advertised by the peer and
configured_families
is what is provisioned. In the sample output, the
families configured on the peer have a mismatch, thus the peer does not move
to an established state. You can verify it in the peer UVE.
Fix the families mismatch in the sample by updating the configuration on the MX Series router, using Junos CLI:
set protocols bgp group contrail-control-nodes family inet-vpn unicast
After committing the CLI configuration, the peer comes up. Verify it with UVE.
Verify the peer status on the MX router using Junos CLI:
run show bgp neighbor 10.167.4.21
Check the router in MX/vSRX:
Use Junos CLI show commands from the router to check the route.
root@vsrx1> run show route table public.inet.0
public.inet.0: 8 destinations, 13 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/5] 4w6d 22:49:22
> to 172.17.32.193 via ge-0/0/0.0
172.17.32.192/26 *[Direct/0] 4w6d 22:49:22
> via ge-0/0/0.0
172.17.32.240/32 *[Local/0] 4w6d 22:49:22
Local via ge-0/0/0.0
<floating_ip0>/32 *[BGP/170] 4w3d 00:41:07, MED 100, localpref 200, from 10.167.4.22
AS path: ?
> via gr-0/0/0.32769, Push 40
[BGP/170] 3w3d 00:30:48, MED 100, localpref 200, from 10.167.4.23
AS path: ?
> via gr-0/0/0.32769, Push 40
<floating_ip1>/32 *[BGP/170] 3w3d 00:28:16, MED 100, localpref 200, from 10.167.4.22
AS path: ?
> via gr-0/0/0.32770, Push 19
[BGP/170] 3w3d 00:30:48, MED 100, localpref 200, from 10.167.4.23
AS path: ?
> via gr-0/0/0.32770, Push 19
<floating_ip2>/32 *[BGP/170] 4w5d 23:22:58, MED 100, localpref 200, from 10.167.4.22
AS path: ?
> via gr-0/0/0.32769, Push 29
[BGP/170] 3w3d 00:30:48, MED 100, localpref 200, from 10.167.4.23
AS path: ?
> via gr-0/0/0.32769, Push 29
<floating_ip2>/32 *[BGP/170] 2d 01:50:04, MED 100, localpref 200, from 10.167.4.22
AS path: ?
> via gr-0/0/0.32770, Push 37
[BGP/170] 2d 01:50:04, MED 100, localpref 200, from 10.167.4.23
AS path: ?
> via gr-0/0/0.32770, Push 37
<floating_ip4>/32 *[BGP/170] 2d 01:31:11, MED 100, localpref 200, from 10.167.4.22
AS path: ?
> via gr-0/0/0.32770, Push 39
[BGP/170] 2d 01:31:11, MED 100, localpref 200, from 10.167.4.23
AS path: ?
> via gr-0/0/0.32770, Push 39
In the output above, you can find the floating IP address what you want to debug.
To view the detailed output, run:
root@vsrx1> show route 172.17.35.8/32 detail
Proceed to Troubleshoot a VM forward and reverse flow.