Verifying Network Connectivity and Reachability

Context

After completing VPN configuration, you can:

Run the ping command on the local CE to check whether the local CE and the remote CE in the same VPN can communicate with each other. If the ping fails, you can run the tracert command to locate the faulty node.
Run the ping command with the -vpn-instance vpn-instance-name parameter on the PE to check whether the PE and the CE in the same VPN as the PE can communicate with each other. If the ping fails, you can run the tracert command with the -vpn-instance vpn-instance-name parameter to locate the faulty node.

If multiple interfaces on the PE are bound to the same VPN, you need to specify the source IP address, that is, the -a source-ip-address when you ping or tracert the remote CE that accesses the peer PE. If no source IP address is specified, the PE selects the smallest IP address from the IP addresses of the interfaces on the PE bound to this VPN as the source address of the Internet Control Message Protocol (ICMP) messages. If the CE has no route to the selected IPv4 route, the CE discards the returned ICMP message.

By default, as for the MPLS time to live (MPLS TTL) timeout packet with a single label, the switch returns the ICMP message according to the local IP route (that is, the public network route). However, no VPN route exists in the public network routing table of the ASBR and therefore, the ICMP message is discarded when being sent to or returned by the ASBR.

Procedure

Run the ping [ ip ] [ -a source-ip-address | -c count | -d | -f | -h ttl-value | [ -i interface-type interface-number | -si source-interface-type source-interface-number ] | -m time | -n | -name | -p pattern | -q | -r | -s packetsize | -system-time | -t timeout | -tos tos-value | -v | -vpn-instance vpn-instance-name ] ^* host [ ip-forwarding ] command to check network connectivity from the local device to a specified destination IP address.
Run the tracert [ -a source-ip-address | -f first-ttl | -m max-ttl | -name | -p port | -q nqueries | -vpn-instance vpn-instance-name | -w timeout | -v ] ^* host command to check the gateways that a data packet passes when it is sent from the local device to the destination.
Run the ping lsp [ -a source-ip | -c count | -exp exp-value | -h ttl-value | -m interval | -r reply-mode | -s packet-size | -t time-out | -v ] ^* ip destination-address mask-length [ ip-address ] [ nexthop nexthop-address | draft6 ] command to check connectivity of a Label Switched Path (LSP).
Run the tracert lsp [ -a source-ip | -exp exp-value | -h ttl-value | -r reply-mode | -t time-out | -v ] ^* ip destination-address mask-length [ ip-address ] [ nexthop nexthop-address | draft6 ] command to check the gateways that a data packet passes when it is sent from the local device to the destination along the LSP.