Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides
https://forum.ivorde.com/

Junos VPLS Virtual circuit stuck in "VC-Dn" state
https://forum.ivorde.com/junos-vpls-virtual-circuit-stuck-in-vc-dn-state-t14471.html
Page 1 of 1

Author:  mandrei99 [ Tue Jul 09, 2013 9:48 am ]
Post subject:  Junos VPLS Virtual circuit stuck in "VC-Dn" state

Code:
# run show vpls connections
Layer-2 VPN connections:

Legend for connection status (St)   
EI -- encapsulation invalid      NC -- interface encapsulation not CCC/TCC/VPLS
EM -- encapsulation mismatch     WE -- interface and instance encaps not same
VC-Dn -- Virtual circuit down    NP -- interface hardware not present
CM -- control-word mismatch      -> -- only outbound connection is up
CN -- circuit not provisioned    <- -- only inbound connection is up
OR -- out of range               Up -- operational
OL -- no outgoing label          Dn -- down                     
LD -- local site signaled down   CF -- call admission control failure     
RD -- remote site signaled down  SC -- local and remote site ID collision
LN -- local site not designated  LM -- local site ID not minimum designated
RN -- remote site not designated RM -- remote site ID not minimum designated
XX -- unknown connection status  IL -- no incoming label
MM -- MTU mismatch               MI -- Mesh-Group ID not available
BK -- Backup connection          ST -- Standby connection
PF -- Profile parse failure      PB -- Profile busy
RS -- remote site standby        SN -- Static Neighbor
VM -- VLAN ID mismatch

Legend for interface status
Up -- operational           
Dn -- down                             

Instance: VPLS
  Local site: B (2)
    connection-site           Type  St     Time last up          # Up trans
    1                         rmt   VC-Dn  -----                          0
      Remote PE: 10.0.0.1, Negotiated control-word: No
      Incoming label: 262145, Outgoing label: 262146
      Local interface: lsi.1048577, Status: Up, Encapsulation: VPLS
        Description: Intf - vpls VPLS local site 2 remote site 1


"VC-Dn" state means that the Junos device data plane is not up, only the control plane is up because bgp neighbours are in "Established" state and there are routes in bgp.l2vpn.0 table:

Code:
# run show bgp summary
Groups: 1 Peers: 1 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0               
                       0          0          0          0          0          0
bgp.l2vpn.0         
                       1          1          0          0          0          0
bgp.l3vpn.0         
                       0          0          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.0.0.1              65533         40         38       0       0       15:36 Establ
  inet.0: 0/0/0/0
  bgp.l2vpn.0: 1/1/1/0
  VPLS.l2vpn.0: 1/1/1/0
  bgp.l3vpn.0: 0/0/0/0


Code:
# run show route table bgp.l2vpn.0 extensive

bgp.l2vpn.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
10.60.1.254:100:1:1/96 (1 entry, 0 announced)
        *BGP    Preference: 170/-101
                Route Distinguisher: 10.60.1.254:100
                Next hop type: Indirect
                Address: 0x9254568
                Next-hop reference count: 5
                Source: 10.0.0.1
                Protocol next hop: 10.0.0.1
                Indirect next hop: 2 no-forward
                State: <Active Int Ext>
                Local AS: 65533 Peer AS: 65533
                Age: 15:54      Metric2: 1
                Task: BGP_65533.10.0.0.1+52067
                AS path: I
                Communities: target:65533:100 Layer2-info: encaps:VPLS, control flags:, mtu: 0, site preference: 100
                Import Accepted
                Label-base: 262145, range: 8
                Localpref: 100
                Router ID: 10.60.1.254
                Secondary Tables: VPLS.l2vpn.0
                Indirect next hops: 1   
                        Protocol next hop: 10.0.0.1
                        Indirect next hop: 2 no-forward
                        Indirect path forwarding next hops: 1
                                Next hop type: Router
                                Next hop: 10.0.0.1 via ge-0/0/3.0
                        10.0.0.0/24 Originating RIB: inet.0
                          Node path count: 1
                          Forwarding nexthops: 1
                                Next hop type: Interface
                                Nexthop: via ge-0/0/3.0


The problem is "10.0.0.0/24 Originating RIB: inet.0". Bgp needs "protocol next-hop"s routes to be present in "inet.3" table:
Code:
# run show route 10.0.0.1 table inet.3 |count                 
Count: 0 lines


Depending on your configuration, either enable IGP to carry loopbacks (if you use "next-hop self" as internal bgp export policy action) or a static route in "inet.3" RIB:
Code:
# top set routing-options rib inet.3 static route 10.0.0.1 next-table inet.0
# commit
# run show route 10.0.0.1 table inet.3                             

inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.0.1/32        *[Static/5] 00:00:08
                      to table inet.0



Now that I have the /32 route for the VPLS route next-hop in inet.3 table, let's check the vpls connections again:
Code:
# run show vpls connections                 
Layer-2 VPN connections:

Legend for connection status (St)   
EI -- encapsulation invalid      NC -- interface encapsulation not CCC/TCC/VPLS
EM -- encapsulation mismatch     WE -- interface and instance encaps not same
VC-Dn -- Virtual circuit down    NP -- interface hardware not present
CM -- control-word mismatch      -> -- only outbound connection is up
CN -- circuit not provisioned    <- -- only inbound connection is up
OR -- out of range               Up -- operational
OL -- no outgoing label          Dn -- down                     
LD -- local site signaled down   CF -- call admission control failure     
RD -- remote site signaled down  SC -- local and remote site ID collision
LN -- local site not designated  LM -- local site ID not minimum designated
RN -- remote site not designated RM -- remote site ID not minimum designated
XX -- unknown connection status  IL -- no incoming label
MM -- MTU mismatch               MI -- Mesh-Group ID not available
BK -- Backup connection          ST -- Standby connection
PF -- Profile parse failure      PB -- Profile busy
RS -- remote site standby        SN -- Static Neighbor
VM -- VLAN ID mismatch

Legend for interface status
Up -- operational           
Dn -- down                             

Instance: VPLS
  Local site: B (2)
    connection-site           Type  St     Time last up          # Up trans
    1                         rmt   Up     Jul  9 17:06:12 2013           1
      Remote PE: 10.0.0.1, Negotiated control-word: No
      Incoming label: 262145, Outgoing label: 262146
      Local interface: lsi.1048577, Status: Up, Encapsulation: VPLS
        Description: Intf - vpls VPLS local site 2 remote site 1

Page 1 of 1 All times are UTC - 5 hours [ DST ]
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/