Manualshelf

Network Router User Manual

ManualsBrandsCisco Systems ManualsNetwork Router78-10548-02
567891011121314
7-12
Cisco VPN Solutions Center: MPLS Solution User Guide
78-10548-02
Chapter 7 MPLS VPN Solution Troubleshooting Guide
Auditing Problems
Figure 7-4 Audit Options Window
Also be sure to schedule data collection by choosing Monitoring > Collect VPN Routing
Information.
5. Question: I checked the “Use VPN routing info during audits” option, but I receive the message,
“No VPN routing information found.
Answer: You must collect VPN routing info to use it. Schedule data collection by choosing
Monitoring > Collect VPN Routing Information.
6. Question: My service request is the Broken state. How do I address the problem?
Answer: While the router is correctly configured, the service is unavailable (due to a broken cable
or Layer 2 problem, for example). A service request moves to Broken if the Auditor finds the
routing and forwarding tables for this service, but they do not match the service intent.
There are three tests done for the routing test: 1) presence of routes toward the CE, 2) presence of
routes away from the CE, and 3) if the CE is managed using the management VPN technique, routes
to at least one of the CEs in the management VPN.
All these tests are done for the VRF in which the service request belongs. To test the presence of
routes toward the CE, the product looks for a route toward the CE’s provider facing IP address.
The test for routes away from the CE looks for routes toward the “other side of the VPN.” This test
checks the remote connectivity status If the service request is in a management VPN, the final test
checks for a route to the management CE (MCE).
If any of the tests fail, the service request is set to Broken. Since this audit is from the routing
information found on the PE, the routing test audit details are placed under the PE. Because the
routing test is a Layer 3 operational test, the product cannot know why things have gone wrong at
that layer—it could be a broken cable, lost Layer 2 connectivity, and so on.
7. Question: I have a VPN with two CEs. One PE-CE Layer 2 connection is down and in a Broken or
Lost state. Why does the other PE-CE pair’s service request also move to Broken?
Answer: The routing test checks whether the service request provides a routing level connection
of the site to the VPN. For a VPN to exist, there must be at least two sites. Hence, in a VPN with
two sites, if connectivity of one of the sites go down, the VPN no longer exists. Therefore, the
connectivity of the other site to the VPN also fails—there are no routes across the provider’s core
network.
8. Question: I just created a VPN and added my first site to it. I ran a VPN routing information
collection operation and selected “Use VPN routing information.” Why does the service request
move to Broken?
Answer: First read the answer to the previous question (Question 7).