Troubleshoot the vMX router

Troubleshoot the vMX router

MCP uses OpenContrail with vMX routers in its cloud deployments as they provide a rich set of features particularly beneficial for NFV use cases and which allow easy network scale-out.

Note

  • AS (Autonomous System) number is a 2/4 byte identifier for a network segment/organization

  • OpenContrail supports only 2-byte AS numbers (1-65534)

  • Typically, the private AS numbers are being used (64512-65534)

  • The AS number must be the same on the MX and contrail controllers

  • MX uplink peers might be in different ASNes

Warning

For this section vSRX has been used instead of vMX, but the process is same for both of them.

To troubleshoot the vMX router:

  1. Log in to a Mirantis OpenContrail controller ntw node.

  2. Verify the BGP Routers configuration using the Introspect section in web UI. Web UI is accessible directly or through HAProxy with the port 9100.

    curl http://control01:8082/bgp-routers
    

    The command above returns a list of all routers defined in the OpenContrail cluster.

    Example of system response:

    {
      "bgp-routers": [
        {
          "uuid": "443af522-2463-4960-a2b3-77b6b6a46fef",
          "fq_name": [
            "default-domain",
            "default-project",
            "ip-fabric",
            "__default__",
            "ntw03"
          ],
          "href": "http://10.167.4.20:8082/bgp-router/443af522-2463-4960-a2b3-77b6b6a46fef"
        },
        ...
        {
          "uuid": "8af298c2-2a12-452b-86ce-54bff3ce2d9d",
          "fq_name": [
            "default-domain",
            "default-project",
            "ip-fabric",
            "__default__",
            "vsrx1"
          ],
          "href": "http://10.167.4.20:8082/bgp-router/8af298c2-2a12-452b-86ce-54bff3ce2d9d"
        }
      ]
    }
    
  3. Display the detailed information about the vRouter using the URL from the command above:

    curl http://10.167.4.20:8082/bgp-router/443af522-2463-4960-a2b3-77b6b6a46fef
    

    Example of system response:

    {
      "bgp-router": {
        "name": "vsrx1",
        ...
        "fq_name": [
          "default-domain",
          "default-project",
          "ip-fabric",
          "__default__",
          "vsrx1"
        ],
        "bgp_router_refs": [
          {
            "uuid": "fb39d3e8-6be0-4e69-b13d-bd69c1685c6c",
            "attr": {
              "session": ....
            },
            "href": "http://10.167.4.22:9100/bgp-router/fb39d3e8-6be0-4e69-b13d-bd69c1685c6c",
            "to": [
              "default-domain",
              "default-project",
              "ip-fabric",
              "__default__",
              "ntw03"
            ]
          },
          {
            "uuid": "426affc9-b05c-47d8-b0ba-ffe72e59d984",
            "attr": {
              "session": .....
            },
            "href": "http://10.167.4.22:9100/bgp-router/426affc9-b05c-47d8-b0ba-ffe72e59d984",
            "to": [
              "default-domain",
              "default-project",
              "ip-fabric",
              "__default__",
              "ntw02"
            ]
          },
          {
            "uuid": "50f1a77e-9807-4024-b889-f771f2b97835",
            "attr": {
              "session": .....
            },
            "href": "http://10.167.4.22:9100/bgp-router/50f1a77e-9807-4024-b889-f771f2b97835",
            "to": [
              "default-domain",
              "default-project",
              "ip-fabric",
              "__default__",
              "ntw01"
            ]
          }
        ],
        "display_name": "vsrx1",
        "uuid": "2097b2c0-65ac-4c2f-ab0b-aaef2bf9e95a",
        "parent_uuid": "8356722f-02d9-4a57-baaf-1f5013e263f5",
        "parent_href": "http://10.167.4.22:9100/routing-instance/8356722f-02d9-4a57-baaf-1f5013e263f5",
        "parent_type": "routing-instance",
        "bgp_router_parameters": {
          "address_families": {
            "family": [
              "route-target",
              "inet-vpn",
              "e-vpn",
              "inet6-vpn"
            ]
          },
          "autonomous_system": 64512,
          "hold_time": 0,
          "identifier": "10.167.4.100",
          "router_type": "router",
          "source_port": null,
          "gateway_address": null,
          "vendor": "mx",
          "admin_down": false,
          "ipv6_gateway_address": null,
          "port": 179,
          "local_autonomous_system": null,
          "auth_data": null,
          "address": "10.167.4.100"
        },
        "perms2": {
          "share": [],
          "global_access": 0,
          "owner_access": 7,
          "owner": "cloud-admin"
        },
        "href": "http://10.167.4.22:9100/bgp-router/2097b2c0-65ac-4c2f-ab0b-aaef2bf9e95a"
      }
    }
    

    In the output above, you can verify such important parameters as autonomous_system, vendor, and others.

  4. Log in to the vMX/vSRX router.

  5. Verify peer BGR routers and the AS number:

    root@vsrx1% cli
    root@vsrx1> show bgp summary
    

    Example of system response:

    Groups: 1 Peers: 3 Down peers: 0
    Unconfigured peers: 3
    Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
    bgp.l3vpn.0           54         27          0          0          0          0
    Peer               AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
    10.167.4.21           64512      66176      66588       0       0     3w1d23h Establ
      bgp.l3vpn.0: 0/0/0/0
    10.167.4.22           64512     117437     100892       0       0     4w6d20h Establ
      bgp.l3vpn.0: 27/27/27/0
      public.inet.0: 5/5/5/0
    10.167.4.23           64512      85912      69311       0       0     3w2d21h Establ
      bgp.l3vpn.0: 0/27/27/0
      public.inet.0: 0/5/5/0
    
  6. View the current configuration:

    root@vsrx1> show configuration routing-options
    

    Example of system response:

    route-distinguisher-id 10.109.3.250;
    autonomous-system 64512;
    dynamic-tunnels {
        dynamic_overlay_tunnels {
            source-address 10.167.4.100;
            gre;
            destination-networks {
                10.109.3.0/24;
                172.16.10.0/24;
                10.167.4.0/24;
            }
        }
    }
    

    Note

    The command above returns current configuration. When you want to view the latest changes, use compare rollback:

    root@vsrx1> show configuration | compare rollback 1
    
    -    source-address 10.167.4.20;
    +    source-address 10.167.4.100;
    

    The number after rollback signifies the number of commit to which to compare this configuration.

  7. If you have a BGP peer down error with incorrect family:

    1. Verify the BGP peer UVE:

      curl http://nal01:9081/analytics/uves/bgp-peers
      

      User Visible Entities are OpenContrail resources, such as virtual network, virtual machines, vrouter, routing-instances, and so on. UVE APIs are used to query these resources.

  1. Search for the vMX/vSRX BGP peer by name in the list.

    In the sample output, families is the family advertised by the peer and configured_families is what is provisioned. In the sample output, the families configured on the peer have a mismatch, thus the peer does not move to an established state. You can verify it in the peer UVE.

  2. Fix the families mismatch in the sample by updating the configuration on the MX Series router, using Junos CLI:

    set protocols bgp group contrail-control-nodes family inet-vpn unicast
    
  3. After committing the CLI configuration, the peer comes up. Verify it with UVE.

  4. Verify the peer status on the MX router using Junos CLI:

    run show bgp neighbor 10.167.4.21
    
  5. Check the router in MX/vSRX:

    Use Junos CLI show commands from the router to check the route.

    root@vsrx1> run show route table public.inet.0
    
    public.inet.0: 8 destinations, 13 routes (8 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    0.0.0.0/0          *[Static/5] 4w6d 22:49:22
                        > to 172.17.32.193 via ge-0/0/0.0
    172.17.32.192/26   *[Direct/0] 4w6d 22:49:22
                        > via ge-0/0/0.0
    172.17.32.240/32   *[Local/0] 4w6d 22:49:22
                          Local via ge-0/0/0.0
    <floating_ip0>/32  *[BGP/170] 4w3d 00:41:07, MED 100, localpref 200, from 10.167.4.22
                          AS path: ?
                        > via gr-0/0/0.32769, Push 40
                        [BGP/170] 3w3d 00:30:48, MED 100, localpref 200, from 10.167.4.23
                          AS path: ?
                        > via gr-0/0/0.32769, Push 40
    <floating_ip1>/32  *[BGP/170] 3w3d 00:28:16, MED 100, localpref 200, from 10.167.4.22
                          AS path: ?
                        > via gr-0/0/0.32770, Push 19
                        [BGP/170] 3w3d 00:30:48, MED 100, localpref 200, from 10.167.4.23
                          AS path: ?
                        > via gr-0/0/0.32770, Push 19
    <floating_ip2>/32  *[BGP/170] 4w5d 23:22:58, MED 100, localpref 200, from 10.167.4.22
                          AS path: ?
                        > via gr-0/0/0.32769, Push 29
                        [BGP/170] 3w3d 00:30:48, MED 100, localpref 200, from 10.167.4.23
                          AS path: ?
                        > via gr-0/0/0.32769, Push 29
    <floating_ip2>/32  *[BGP/170] 2d 01:50:04, MED 100, localpref 200, from 10.167.4.22
                          AS path: ?
                        > via gr-0/0/0.32770, Push 37
                        [BGP/170] 2d 01:50:04, MED 100, localpref 200, from 10.167.4.23
                          AS path: ?
                        > via gr-0/0/0.32770, Push 37
    <floating_ip4>/32  *[BGP/170] 2d 01:31:11, MED 100, localpref 200, from 10.167.4.22
                          AS path: ?
                        > via gr-0/0/0.32770, Push 39
                        [BGP/170] 2d 01:31:11, MED 100, localpref 200, from 10.167.4.23
                          AS path: ?
                        > via gr-0/0/0.32770, Push 39
    

    In the output above, you can find the floating IP address what you want to debug.

  6. To view the detailed output, run:

    root@vsrx1> show route 172.17.35.8/32 detail
    
  7. Proceed to Troubleshoot a VM forward and reverse flow.