In a virtual extensible LAN (VXLAN) overlay network, theRingmiroute tracerThe commands can verify basic connectivity between two Juniper Networks devices that are acting as virtual tunnel endpoints (VTEPs) on the underlying physical network. However, there can be multiple paths between the two VTEPs through intermediary devices, and ping and traceroute packets can successfully reach their destinations as long as there is a connectivity problem on another path that ping and traceroute packets are normally forwarded on. data to reach your destination.
With the introduction ofoverlapYou can use parameters and other options in Junos OS Release 16.2 for MX Series RoutersRingmiroute tracerCommands to troubleshoot a VXLAN.
For the ping and traceroute mechanisms to work on a VXLAN, the ping and traceroute packets, also known as operations, administration, and management (OAM) packets, must use the same VXLAN headers (external headers) as those being sent. via network. the VXLAN segment is tunneled with potential connection issues. If there are connection problems, the overlay OAM packet will have the same problems as the data packet.
This example shows how to use overlay ping and trace route on a VTEP to verify the following on a VXLAN:
Scenario 1 – Make sure a specific VXLAN is configured on a different VTEP.
Scenario 2: Make sure that the MAC address of a specific endpoint is assigned to a VXLAN on the remote VTEP.
Scenario 3: Verify that there are no issues with a specific data flow between the sending and receiving endpoints.
Observation:
When issuing theping overlaymiRoute trace overlaycommands, the source VTEP on which you issue the command, and the destination VTEP that receives the ping packet must be JuniperNetworks devices that support overlay ping and traceroute.
requirements
This example uses the following hardware and software components:
Three physical servers running applications directly.
Two MX Series routers running Junos OS software version 16.2 or later. These routers act as VTEP.
Two Layer 3 routers, which can be from Juniper Networks or from a third party.
Before issuing theping overlaymiRoute trace overlayThe commands collect the necessary information for each parameter, such as IP addresses or MAC addresses, used for a specific scenario. To seetabla 1to determine which parameters are used for each scenario.
Summary and topology
The VXLAN topology shown inillustration 1includes physical servers A, B, and C on which the applications run directly. The applications on physical servers A and B need to communicate with the applications on physical server C. These servers reside on the same subnet, so the communication between the applications takes place at the Layer 2 level, and they are used tunnels or VXLAN tunnels to transport your data packets over a layer 3 network.
Illustration 1:Using Overlay Ping and Traceroute to Troubleshoot a VXLAN
In this topology, there are two MX series routers acting as VTEPs. VTEP1 starts and terminates VXLAN tunnels for physical servers A and B, and VTEP2 does the same for physical server C. VTEP1 and VTEP2 reside on VXLAN 100.
A data packet sent from physical server A is usually routed to the Layer 3 router with IP address 192.0.2.30 to reach physical server C.
In this VXLAN topology, there is a communication problem between physical servers A and C. To troubleshoot this data flow, you can use theping overlaymiRoute trace overlayCommands on VTEP1 (the VTEP source ortunnel-src) and indicate that VTEP2 is the VTEP target ortunnel-dst.
Thatping overlaymiRoute trace overlayCommands contain several parameters.tabla 1explains the purpose and provides a value for each of the parameters used in the three scenarios.
tabla 1does not include all availableping overlaymiRoute trace overlayParameter. This example uses the default values for these omitted parameters.
| Description | Scenario to which the parameter applies | Wert |
|---|---|---|---|
| Identifies the type of tunnel you are troubleshooting. | All | vxlan |
| VXLAN Network Identifier (VNI) of the VXLAN used in this example. | All | 100 |
| VTEP1 IP address from which you start the overlay ping or trace route. | All | 192.0.2.10 |
| IP address of the VTEP2 that receives the overlay pin or trace route packets. | All | 192.0.2.20 |
| MAC address of the physical server C that is the destination terminal. | Scenarios 2 and 3 | 00:00:5E:00:53:cc |
| The number of overlapping ping requests that VTEP1 sends. Observation: The count parameter does not apply to the overlay traceroute. | All | 5 |
| MAC address of the physical server A that is the originating endpoint. | scenario 3 | 00:00:5E:00:53:aaaa |
| MAC address of the physical server C that is the destination terminal. Observation: If you specify this parameter for Scenario 3, the MAC address must be the same MAC address specified for the | scenario 3 | 00:00:5E:00:53:cc |
| IP address of the physical server A. | scenario 3 | 198.51.100.1 |
| IP address of the physical server C. | scenario 3 | 198.51.100.3 |
| A value for the protocol used in the data flow. | scenario 3 | 17 |
| A value for the external TCP/UDP source port. | scenario 3 | 4456 |
| A value for the external UDP destination port. | scenario 3 | 4540 |
tabla 1contains several hash parameters used for scenario 3. For each of these parameters, you must provide a value associated with the dataflow you are resolving. Based on the supplied values, the system calculates a source port hash of the VXLAN UDP header included in the VXLAN UDP header of the overlapping ping and traceroute packets. By including the computed hash in the VXLAN UDP header, the overlay ping and traceroute packets can emulate data packets in the flow you are polling.
Better practices:
When you use hash parameters, we recommend that you provide a value for each parameter. This practice ensures that the ping and traceroute overlay processes are successful and that the output of each command is correct. If you do not provide a value for one or more hash parameters, the system sends an OAM request that may contain incorrect hash values and generates a warning message.
Building
check
This section contains the following verification tasks:
- Scenario-1: Verify that VXLAN 100 is set to VTEP2
- Scenario 2: Check if the MAC address of the destination endpoint is in VTEP2
- Scenario 3: Verifying a data flow
Scenario-1: Verify that VXLAN 100 is set to VTEP2
- purpose
- Plot
- sense
purpose
Make sure a VXLAN is configured with VNI 100 on VTEP2. You can use overlay ping or traceroute to perform this verification.
Plot
ping overlay
Initiate an overlay ping on VTEP1:
user@switch>Ping overlay Tunnel type vxlan vni 100 tunnel-src 192.0.2.10 tunnel-dst 192.0.2.20 account 5ping-overlay protocol vxlan vni 100 tunnel src ip 192.0.2.10 tunnel dst ip 192.0.2.20 mac address 00:00:00:00:00:00 count 5 ttl 255 WARNING: The following hash parameters are missing: hash calculation ends host smac end host dmac end host src end host ip dst end host ip end host protocol l4-src-port end host l4-dst-port stream request 1, at 192.0.2.20, um 09 -24 22:03:16 PDT 0.033 milliseconds Response for stream 1, from 192.0.2.20, at 09-24 22:03:16 PDT.036 milliseconds, rtt 10 milliseconds Overlapping segment not present at RVTEP 192.0.2.20 Request for stream 2, to 192.0.2.20 a 09-24 22:03:16 PDT.044 ms response to Seq 2, from 192.0.2.20 at 09-24 22:03:16 PDT.046 ms, rtt 10ms overlap Segment not present in RVTEP request 192.0. 2.20 for episode 3, at 192.0.2.20 on 9/24. 22:03:16 PDT.054 msResponse for episode 3, from 192.02.20 to 24.09. 22:03:16 PDT.057 msec, 10 msec rtt overlap segment not present on RVTEP 192.0.2.20 Request for sequence 4, to 192.0.2.20, on 09/24 22:03:16 PDT.065 msecResponse for sequence 4, from 192.0.2.20, on 09/24 22:03:16 PDT.069 msec, rtt 10 msec Missing overlap segment at RVTEP 192.0.2.20 Sequence Request 5, for 192.0.2.20, on 09/24 22: 03:16 PDT. 076 msecResponse for seq 5, from 192.0.2.20, at 09-24 22:03:16 PDT.079 msec, rtt 10 msec Overlay segment not present on RVTEP 192.0.2.20
Overlay Trace Path
Start an overlay traceroute on VTEP1:
user@switch>Traceroute-Overlay-Tunneltype vxlan vni 100 Tunnel-src 192.0.2.10 Tunnel-dst 192.0.2.20Traceroute overlay protocol vxlan vni 100 tunnel src ip 192.0.2.10 tunnel dst ip 192.0.2.20 mac address 00:00:00:00:00:00 ttl 255 WARNING: The following hash parameters are missing; hash computation may fail end-host smac endhost dmac endhost src ip endhost dst ip endhost protocol endhost l4-src-port endhost l4-dst-portttl sender address timestamp receiver timestamp response time 1 10.1.0.2 25.09 00 :51:10 PDT.599 ms * 10 ms 2 192.0.2.20 09 -25 00:51:10 PDT.621 ms 09-25 00:51:10 PDT.635 ms 21 ms overlapping segment in RVTEP 192.0 missing 0.2 ,twenty
sense
The example overlay ping output shows:
VTEP1 sent five ping requests to VTEP2, and VTEP2 responded to each request.
VTEP2 indicated that the VNI of 100 is not configured (
Overlay segment not present in RVTEP 192.0.2.20) and included this information in his response to VTEP1.
The sample overlay traceroute output indicates the following:
Upon receiving an overlap routing packet with a time-to-live (TTL) value of 1 hop, the Layer 3 router responds in VTEP1.
Upon receiving an overlap routing packet with a 2-hop TTL value, VTEP2 responds to VTEP1.
VTEP2 has indicated that the VNI of 100 is not configured (missing overlay segment in RVTEP 192.0.2.20) and has included this information in its response to VTEP1.
Observation:
The asterisk (*) in the Receiver Timestamp column of the traceroute overlay output indicates that the Layer 3 router that received the traceroute overlay packet is not a Juniper Networks device, or is a Juniper Networks device, which does not support overlay tracking.
Since the overlay ping and traceroute output show that VXLAN 100 is not present, check this setting for VTEP2. If you need to configure a VNI of 100 on VTEP2, use the vni configuration directive in the [edit vlans vlan-id vxlan] hierarchy. and reissue the ping overlay or traceroute overlay command to verify that VXLAN100 is discovered.
Scenario 2: Check if the MAC address of the destination endpoint is in VTEP2
- purpose
- Plot
- sense
purpose
Make sure that the MAC address (00:00:5E:00:53:cc) of the physical server C, which is the destination endpoint, is in the VTEP2 forwarding table. You can use overlay ping or traceroute to perform this verification.
Plot
ping overlay
Initiate an overlay ping on VTEP1:
user@switch>Ping overlay Tunnel type vxlan vni 100 tunnel-src 192.0.2.10 tunnel-dst 192.0.2.20 mac 00:00:5E:00:53:cc account 5ping overlay protocol vxlan vni 100 tunnel src ip 192.0.2.10 tunnel dst ip 192.0.2.20 mac address 00:00:5E:00:53:cc count 5 ttl 255 WARNING: The following hash parameters are missing: Hash calculation cannot be done succeed your end host smac end host dmac end host src end host ip dst end host protocol end host ip l4-src-port end host l4-dst-port request for seq 1, at 192.0.2.20 End -System Not PresentRequest for seq 2, at 192.0.2.20, at 09-24 23:53:54 PDT.096 msec Overlapping segment present at RVTEP 192.0.2.20 End-System Not PresentRequest for seq 3, at 192.0.2.20, at 09-24 23: 53:54 PDT .107 msecResponse to sec 3, from 192.0.2.20, at 09-24 23:53:54 PDT.111 ms, rtt 10ms overlap segment present on RVTEP 192.0.2.20 End System Request not present for sec 4, for 192.0.2.2 0 on 09/24 23:53:54 PDT.118 ms response for sequence 4, from 02.192.20 on 09/24 23:53:54 PDT.122 ms, 11 ms rtt segment overlay available in VR TEP 192.0. 2.20 End System Not Present Sequence Request 5, to 192.0.2.20, at 09-24 23:53:54 PDT.129 msec. Response to thread 5, as of 192.02.20, at 09-24 23:53:54 PDT. 133 ms, rtt 10 ms overlapping segment present with RVTEP 192.0.2.20 end system not present
Overlay Trace Path
Start an overlay traceroute on VTEP1:
user@switch>Traceroute Overlay Tunneltyp vxlan vni 100 Tunnel-src 192.0.2.10 Tunnel-dst 192.0.2.20 mac 00:00:5E:00:53:ccprotocol traceroute-overlay vxlan vni 100 tunnel src ip 192.0.2.10 tunnel dst ip 192.0.2.20 mac address 00:00:5E:00:53:cc ttl 255 WARNING: The following hash parameters are missing; hash calculation may not be successful Finish - Host smac endhost dmac endhost src ip endhost dst ip endhost protocol endhost l4-src-port endhost l4-dst-port ttl address sender timestamp receiver timestamp response time 1 10.1.0.1 09-25 00:56:17 PDT.663 ms * 10 ms 2 192.0.2.20 09-25 00:56:17 PDT.684 ms 09-25 00:56:17 PDT.689 ms 11 ms Overlapping segment present with RVTEP 192.0 .2.20 final system no gift
sense
The example overlay ping output shows:
VTEP1 sent five ping requests to VTEP2, and VTEP2 responded to each request.
VTEP2 verified that the VNI is set to 100 (
Overlapping segment present at RVTEP 192.0.2.20), but that the MAC address of physical server C is not in the forwarding table (end system not available). VTEP2 has included this information in its response to VTEP1.
The sample overlay traceroute output indicates the following:
Upon receiving an overlap route packet with a TTL value of 1 hop, the Layer 3 router responds in VTEP1.
Upon receiving an overlap routing packet with a 2-hop TTL value, VTEP2 responds to VTEP1.
VTEP2 verified that the VNI is set to 100 (
Overlapping segment present at RVTEP 192.0.2.20) and that the MAC address of physical server C is in the forwarding table (end system available). VTEP2 has included this information in its response to VTEP1.
Observation:
The asterisk (*) in the Receiver Timestamp column of the traceroute overlay output indicates that the Layer 3 router that received the traceroute overlay packet is not a Juniper Networks device, or is a Juniper Networks device, which does not support overlay tracking.
Since the overlapped ping and traceroute output indicate that VTEP2 does not know the MAC address of physical server C, you should investigate further why this MAC address is not in VTEP2's forwarding table.
Scenario 3: Verifying a data flow
- purpose
- Plot
- sense
purpose
Make sure there are no issues that could prevent data from flowing from physical server A to physical server Cillustration 1).
First, use the overlay ping, and if the overlay ping results indicate a problem, use the overlay trace path to determine which device in the path has the problem.
To overlay ping and traceroute, use the hash parameters to provide information about the devices in this flow so that the system can calculate a hash of the source port from the VXLAN UDP header, which is included in the VXLAN UDP header of the packets. ping and traceroute. cover. included. With the computed hash included in the VXLAN UDP header, the overlapping ping and traceroute packets can emulate data packets in this flow, which should produce more accurate ping and traceroute results.
Plot
ping overlay
Initiate an overlay ping on VTEP1:
user@switch>Superposición de ping tunnel type vxlan vni 100 tunnel-src 192.0.2.10 tunnel-dst 192.0.2.20 mac 00:00:5E:00:53:cc count 5 hash-source-mac 00:00:5E:00:53:aa Hash - destination mac 00:00:5E:00:53:cc hash source address 198.51.100.1 hash destination address 198.51.100.3 hash protocol 17 hash source port 4456 hash destination port 4540ping overlay protocol vxlan vni 100 src tunnel ip 192.0.2.10 dst tunnel ip 192.0.2.20 mac address 00:00:5E:00:53:cc account 5 ttl 255 hash parameter: input-ifd-idx 653 end-host smac 00: 00:5E:00:53:aa endhost dmac 00:00:5E:00:53:cc endhost src ip 198.51.100.1 endhost dst ip 198.51.100.3 endhost protocol 17 endhost l4-src-port 4456 end-host l4 -dst port 4540 host end VLAN 150 Request for episode 1, for 192.0.2.20 on 9/24 7:15:33 PDT.352 ms Request for episode 2, for 192.0.2.20 on 9/24 7:15:33 PDT .363 msecsRequest for stream 3, for 192.0.2.20, on 09/24 at 19:15:33 PDT.374 msec. Request for episode 4, for 192.0.2.20, on 09/24 at 19:15:33 PDT.385 msec for episode 5 at 192.0. 2.20 on 09/24 19:15:33 PDT.396ms
Overlay Trace Path
If necessary, start an overlay route trace on VTEP1:
user@switch>Traceroute Overlay Tunneltyp vxlan vni 100 tunnel-src 192.0.2.10 tunnel-dst 192.0.2.20 mac 00:00:5E:00:53:cc hash-source-mac 00:00:5E:00:53:aa hash- Ziel- Mac 00:00:5E:00:53:cc Hash-Quelladresse 198.51.100.1 Hash-Zieladresse 198.51.100.3 Hash-Protokoll 17 Hash-Quellport 4456 Hash-Zielport 4540Traceroute overlay protocol vxlan vni 100 tunnel src ip 192.0.2.10 tunnel dst ip 192.0.2.20 address mac 00:00:5E:00:53:cc ttl 255 hash parameter: input-ifd-idx 653 end-host smac 00:00: 5E:00:53:aa endhost dmac 00:00:5E:00:53:cc endhost src ip 198.51.100.1 endhost dst ip 198.51.100.3 endhost protocol 17 endhost l4- src-port 4456 end-host l4- dst-port 4540 ttl address sender timestamp receiver timestamp response time 1 10.1.0.1 09-25 00:56:17 PDT.663 ms * 10 ms
sense
The example overlay ping output indicates that VTEP1 sent five ping requests to VTEP2, but VTEP2 did not respond to any of the requests. The lack of response from VTEP2 indicates that there is a connectivity problem along the path between VTEP1 and the Layer 3 router or the path between the Layer 3 router and VTEP2.
To further address the way the problem is presented, overlaytraceroute is used. The Overlay Traceroute sample output indicates the following:
Upon receiving an overlay trace-route packet with a 1-hop TTL value, the Layer 3 router responds on VTEP1, indicating that the path between VTEP1 and the Layer 3 router is active.
VTEP2 does not respond to the traceroute overlay packet, indicating that the route between the Layer 3 router and VTEP2 may have failed.
Observation:
The asterisk (*) in the Receiver Timestamp column of the traceroute overlay output indicates that the Layer 3 router that received the traceroute overlay packet is not a Juniper Networks device, or is a Juniper Networks device, which does not support overlay tracking.
Since the output of the overlay route trace indicates a connectivity problem between the Layer 3 router and VTEP2, you should further investigate this route segment to determine the cause of the problem.
Related documentation
Understanding support for overlapping ping packets and traceroute
ping overlay
Route trace overlay