The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This module explains how to manage MPLS/VPN support.
•How to Manage MPLS/VPN Support via SNMP
•How to Monitor MPLS/VPN Support via SCE Platform CLI
•How to Manage MPLS/VPN Support via SM CLU
SNMP support for MPLS/VPN auto-learn is provided in two ways:
•MIB variables
•SNMP traps
The mplsVpnAutoLearnGrp MIB object group (pcubeSEObjs 17) contains information regarding MPLS/VPN auto-learning.
The objects in the mplsVpnAutoLearnGrp provide the following information:
•maximum number of mappings
•allowed current number of mappings
For more information, see the "Proprietary MIB Reference" in the Cisco Service Control Engine Software Configuration Guide.
There is one MPLS/VPN-related trap:
•mplsVpnTotalHWMappingsThresholdExceeded (pcubeSeEvents 45)
To provide online notification of a resource deficiency, when the system reaches a level of 80% utilization of the hardware MPLS/VPN mappings, a warning message appears in the user log, and this SNMP trap is sent.
Both the warning and the trap are sent for each 100 mappings that are added after the threshold has been exceeded.
The SCE platform CLI allows you to do the following:
•Display VPN-related mappings
•Monitor subscriber counters
•Monitor PE routers
•Monitor bypassed VPNs
Use the following Viewer commands to display subscriber mappings. These commands display the following information:
•All the mappings for a specified VPN
•A listing of all currently logged-in VPNs
•A listing of all subscribers mapped to an IP range on a specified VPN
•The number of subscribers mapped to an IP range on a specified VPN
•The subscriber to whom a specified downstream mapping (PE loopback IP address &BGP label) is mapped. (This option is provided for backwards compatibility and has certain restrictions. See below How to Display the Name of the Subscriber Mapped to a Specified VPN.)
•Displaying Mappings for a Specified VPN: Examples
Options
The following option is available:
•vpn-name — The name of the VPN for which to display mappings.
Step 1 From the SCE> prompt, type show interface linecard 0 VPN name vpn-name and press Enter.
Displaying Mappings for a Specified VPN: Examples
The following example illustrates the output of this command for an MPLS-based VPN.
SCE# show interface linecard 0 VPN name vpn1 VPN name: Vpn1 Downstream MPLS Mappings: PE-ID = 1.0.0.1 Mpls Label = 20 PE-ID = 1.0.0.1 Mpls Label = 30 =======>Total Downstream Mappings: 2 Upstream MPLS Mappings: =======>Total Upstream Mappings: 0 Number of subscriber mappings: 0 Explicitly introduced VPN
The following example illustrates the output of this command for a VLAN-based VPN.
SCE> show interface linecard 0 VPN name Vpn3
VPN name: Vpn3
VLAN: 2
Number of subscriber mappings: 0
Explicitly introduced VPN
The following example illustrates the output of this command for an automatically created VLAN.
SCE> show interface linecard 0 VPN name 2
VPN name: 2
VLAN: 2
Number of subscriber mappings: 1
Automatically created VPN
Use this command to display a listing of all currently logged-in VPNs
Step 1 From the SCE> prompt, type show interface linecard 0 VPN all-names
and press Enter.
Displaying a Listing of All VPNs: Example
SCE# show interface linecard 0 VPN all-names
•Displaying Subscribers Mapped to a IP range on a Specified VPN: Example
Options
The following options are available:
•ip-range — The IP range for which to display mapped subscribers
•vpn-name — The name of the VPN for which to display mappings.
Step 1 From the SCE> prompt, type show interface linecard 0 subscriber mapping included-in IP ip-range VPN vpn-name and press Enter.
The VPN option allows you to search for subscribers with a private IP mapping
Displaying Subscribers Mapped to a IP range on a Specified VPN: Example
SCE# show interface linecard 0 subscriber mapping included-in IP 10.0.0.0/0 VPN vpn1 Subscribers with IP mappings included in IP range '10.0.0.0/0'@vpn1: Subscriber 'Sub10', mapping '10.1.4.150/32@vpn1'. Subscriber 'Sub10', mapping '10.1.4.149/32@vpn1'. Subscriber 'Sub10', mapping '10.1.4.145/32@vpn1'. Subscriber 'Sub11', mapping '10.1.4.146/32@vpn1'. Total 2 subscribers found, with 4 matching mappings
•Displaying the Number of Subscribers Mapped to range on a Specified VPN: Example
Options
The following options are available:
•ip-range — The IP range for which to display mapped subscribers
•vpn-name — The name of the VPN for which to display mappings.
Use the ` amount ` keyword to display the number of subscribers rather than a listing of subscriber names.
Step 1 From the SCE> prompt, type show interface linecard 0 subscriber amount mapping included-in IP ip-range VPN vpn-name and press Enter.
Displaying the Number of Subscribers Mapped to range on a Specified VPN: Example
SCE# show interface linecard 0 subscriber amount mapping included-in IP 0.0.0.0/0 VPN vpn1 There are 2 subscribers with 4 IP mappings included in IP range '0.0.0.0/0'.
If the MPLS/VPN is configured as a single subscriber mapped to 0.0.0.0/0 on the VPN that is mapped to the specified MPLS, this option displays that subscriber
Note This command provides backward compatibility for MPLS/VPN subscriber configuration in SCOS versions previous to 3.1.5.
Step 1 From the SCE# prompt, type show interface linecard 0 subscriber mapping MPLS-VPN PE-ID
pe-id BGP-label label and press Enter.
•Displaying the Subscriber Mapped to a Specified VPN: Example 1
•Displaying the Subscriber Mapped to a Specified VPN: Example 2
Displaying the Subscriber Mapped to a Specified VPN: Example 1
SCE#>show interface lineCard 0 subscriber mapping MPLS-VPN PE-ID 1.0.0.1 BGP-label 30 BGP MPLS label 30 on PE 1.0.0.1 is mapped to VPN named 'Vpn1' The VPN is NOT mapped to a single subscriber (0.0.0.0/0@Vpn1)
Displaying the Subscriber Mapped to a Specified VPN: Example 2
SCE#>show interface lineCard 0 subscriber mapping MPLS-VPN PE-ID 1.0.0.1 BGP-label 30 BGP MPLS label 30 on PE 1.0.0.1 is mapped to VPN named 'Vpn1' Subscriber 'Sub10' is mapped to 0.0.0.0/0@Vpn1
Step 1 From the SCE# prompt, type show interface linecard 0 MPLS-VPN non-VPN-mappings
and press Enter.
Use this command to remove all learned upstream labels of a specified VPN.
The following option is available:
•vpn-name — The name of the VPN for which to display mappings.
Step 1 From the SCE# prompt, type clear interface linecard 0 VPN name
vpn-name upstream mpls all and press Enter.
This command, in effect, causes early label aging. Clearing the mappings allows relearning; labels will probably be quickly relearned after they have been cleared. Therefore, this command is useful when you want to update the VPN mappings without waiting for the standard aging period.
Use the following Viewer command to display subscriber counters, including those related to MPLS/VPN mappings.
•Monitoring Subscriber Counters: Example
When MPLS/VPN-based subscribers are enabled, the following related counters appear in addition to the basic subscriber counters:
•MPLS/VPN-based subscribers:
–Current number of MPLS/-based subscribers that have VPN mappings.
–Maximum number of MPLS/VPN-based subscribers
•MPLS/VPN-based subscribers are also counted in the general subscribers counters, but the general subscribers maximum number does not apply to MPLS/VPN-based subscribers, which have a smaller maximum number.
•MPLS/VPN mappings:
–Current number of used MPLS/VPN mappings
–Maximum number of MPLS/VPN mappings
•Note that these values reflect the total number of mappings, not just the mappings used by MPLS/VPN-based subscribers. Bypassed VPNs also consume MPLS/VPN mappings.
Step 1 From the SCE# prompt, type show interface linecard 0 subscriber db counters and press Enter.
SCE#show interface linecard 0 subscriber db counters
Current values:
===============
Subscribers: 2 used out of 99999 max.
Introduced subscribers: 2.
Anonymous subscribers: 0.
Subscribers with mappings: 2 used out of 99999 max.
SINGLE non-VPN IP mappings: 1.
non-VPN IP Range mappings: 1.
IP Range over VPN mappings: 1.
Single IP over VPN mappings: 3.
MPLS-based subscribers are enabled.
MPLS/VPN mappings: 2 used out of 57344 max.
MPLS based VPNs with subscriber mappings: 2 used out of 2015 max.
Subscribers with open sessions: 0.
Subscribers with TIR mappings: 0.
Sessions mapped to the default subscriber: 0.
Peak values:
============
Peak number of subscribers with mappings: 2
Peak number occurred at: 14:56:55 ISR MON June 9 2007
Peak number cleared at: 15:29:39 ISR MON June 9 2007
Event counters:
===============
Subscriber introduced: 2.
Subscriber pulled: 0.
Subscriber aged: 0.
Pull-request notifications sent: 0.
State notifications sent: 0.
Logout notifications sent: 0.
Subscriber mapping TIR contradictions: 0
Use the following Viewer command to display MPLS/VPN information.
Step 1 From the SCE# prompt, type show interface linecard 0 mpls vpn
and press Enter.
SCE#show interface linecard 0 mpls vpn MPLS/VPN auto-learn mode is enabled. MPLS based VPNs with subscriber mappings: 0 used out of 2015 max Total HW MPLS/VPN mappings utilization: 0 used out of 57344 max MPLS/VPN mappings are divided as follows: downstream VPN subscriber mappings: 0 upstream VPN subscriber mappings: 0 non-vpn upstream mappings: 0 downstream bypassed VPN mappings: 0 upstream bypassed VPN mappings: 0
Use the following Viewer commands to monitor PE routers. These commands provide the following information:
•Configuration of all currently defined PE routers.
•Configuration of a specified PE router.
Step 1 From the SCE# prompt, type show interface linecard 0 MPLS VPN PE-Database
and press Enter.
Step 1 From the SCE# prompt, type show interface linecard 0 MPLS VPN PE-Database PE-ID
pe-id and press Enter.
•How to Display the Currently Bypassed VPNs
•How to Remove all Learned Bypassed VPNs
Step 1 From the SCE# prompt, type show interface linecard 0 MPLS VPN Bypassed-VPNs
and press Enter.
Step 1 From the SCE# prompt, type clear interface linecard 0 MPLS VPN Bypassed-VPNs
and press Enter.
•How to Display Non-VPN Mappings
•How to Remove all Learned non-VPN Mappings
Step 1 From the SCE# prompt, type show interface linecard 0 MPLS VPN non-VPN-mappings
and press Enter.
Step 1 From the SCE# prompt, type clear interface linecard 0 MPLS VPN non-VPN-mappings
and press Enter.
The SM CLU allows you to do the following:
•Add and remove VPNs
•Display VPN information
•Clear MPLS/VPN mappings
For more information, see the Cisco Service Control Management Suite Subscriber Manager User Guide.
Use the p3vpn utility to manage VPNs.
•How to Add a New MPLS-based VPN
•How to Display VPN Information
The following options are available:
•VPN-Name — The name assigned to the VPN when it was added, or, if adding a VPN, the name to be assigned to it..
•RT@PE-IP — The mapping assigned to the VPN. Multiple mappings can be specified using a comma.
–RT = the route target of the VPN, specified using the ASN:n notation or the IP:n notation
Note that the Route Distinguisher may be specified rather than the route target
–PE-IP = the loopback IP of the PE router connected to that VPN
Step 1 From the shell prompt, type the following command: p3vpn --add --vpn=
VPN-Name
--mpls-vpn=RT@PE,(RT@PE2, RT@PE3,...) .
Step 1 From the shell prompt, type the following command: p3vpn --remove --vpn=
VPN-Name
•To List All Subscribers for a Specified VPN
•To Display the Mappings for a Specified VPN
To List All Existing VPNs
Step 1 From the shell prompt, type the following command: p3vpn --show-all
To List All Subscribers for a Specified VPN
Step 1 From the shell prompt, type the following command: p3vpn --show-sub --vpn=
VPN-Name
Listing All Subscribers for a Specified VPN: Example
p3vpn -show-sub --vpn=vpn1 sub1: 10.1.1.0/24@vpn1 sub2: 20.1.1.0/24@vpn1 Command terminated successfully
To Display the Mappings for a Specified VPN
Step 1 From the shell prompt, type the following command: p3vpn --show --vpn=V
PN-Name
Listing All Subscribers for a Specified VPN: Example
p3vpn --show --vpn=vpn1 Name: vpn1 Domain: subscribers Mappings: MPLS/VPN: 1:1000@10.0.0.1 (no BGP information) MPLS/VPN: 1:1000@10.0.0.2 label: 10 IP range: 1.1.1.1/32 Command terminated successfully
•To Remove All Existing Mappings from a Specified VPN
•To Remove a Specified Mapping from a Specified VPN
To Remove All Existing Mappings from a Specified VPN
Step 1 From the shell prompt, type the following command: p3vpn --remove-all-mappings --vpn=
VPN-Name
To Remove a Specified Mapping from a Specified VPN
Step 1 From the shell prompt, type the following command: p3vpn --remove-mappings --vpn=
VPN-Name --mpls-vpn=RT@PE,(RT@PE2, RT@PE3,...)
There are three types of mappings that can be added to an existing VPN-based subscriber:
•A set of IP addresses defined as IP@VPN
•A complete VPN (this is actually a special case of IP@VPN mappings, in which the mapping is defined as 0.0.0.0/0@VPN)
•All the IP addresses of a CE router, defined by a AS:value@VPN-NAME (BGP community)
Options
The following options are available
•SUB-NAME — The name of the subscriber to be associated with the specified community attribute
•IP1[/RANGE][,...]@VPN-NAME — IP address or addresses to assign to the VPN
–IP = the IP address. This may be any of the following
–a single IP address (x.x.x.x)
–a single range of IP addresses (x.x.x.x/y)
–a list of IP addresses separated by commas (x.x.x.x, y.y.y.y, z.z.z.z)
–a list of IP address ranges (x.x.x.x/a, y.y.y.y/b, z.z.z.z/c)
–VPN-NAME = name of the VPN to which the community attribute will be assigned
•--additive-mappings — Use this option to add the new mapping(s) to any existing ones. (Without this option, any existing mappings are overwritten.)
Step 1 From the shell prompt, type the following command: p3subs -add --subscriber=
SUB-NAME
--ip=IP1[/RANGE][,...]@VPN-NAME [--additive-mappings]
This option is supported to provide backwards compatibility with MPLS/VPN-based subscribers in releases before 3.1.5.
Options
The following options are available
•SUB-NAME — The name of the subscriber to be associated with the specified community attribute
•VPN-NAME — The name of the VPN to which the subscriber will be mapped. (This option is equivalent to defining the mapping as 0.0.0.0/0@VPN)
•--additive-mappings — Use this option to add the new mapping(s) to any existing ones. (Without this option, any existing mappings are overwritten.)
Step 1 From the shell prompt, type the following command: p3subs -add --subscriber=
SUB-NAME
--vpn=VPN-NAME [--additive-mappings]
An optional parameter may be set defining a community attribute. The community attribute provides a mechanism for defining the BGP community as one subscriber, using the community@VPN specification.
The community attribute in the BGP protocol is used to dynamically map IP ranges to subscribers. The community attribute can be configured in the Provider Edge (PE) router or in the Customer Edge (CE) router.
The community@VPN specification is replaced by an IP@VPN specification by the BGP LEG.
Use the p3subs utility to configure the community parameter.
Options
The following options are available:
•SUB-NAME — The name of the subscriber to be associated with the specified community attribute
•AS:value@VPN-NAME — The community attribute to assign to the VPN
–AS = autonomous system. Integer in the range 0-65535 assigned by the network administrator
–value = the community attribute. Integer in the range 0-65535 assigned by the network administrator
–VPN-NAME = name of the VPN to which the community attribute will be assigned
Step 1 From the shell prompt, type the following command: p3subs -add --subscriber=
SUB-NAME --community=AS:value@VPN-NAME
•To Remove All Existing Mappings from a Specified Subscriber
•To Remove a Specified IP Mapping from a Specified Subscriber
•To Remove a Specified VPN Mapping from a Specified Subscriber
•To Remove a Specified Community-based Mapping from a Specified Subscriber
Step 1 From the shell prompt, type the following command: p3subs --remove-all-mappings --subscriber=
SUB-NAME
Step 1 From the shell prompt, type the following command: p3psubs --remove-mappings --subscriber=
SUB-NAME --ip=IP1[/RANGE][,...]@VPN-NAME
Step 1 From the shell prompt, type the following command: p3psubs --remove-mappings --subscriber=
SUB-NAME --vpn=VPN-NAME
Step 1 From the shell prompt, type the following command: p3psubs --remove-mappings --subscriber=
SUB-NAME --community=AS:value@VPN-NAME
Use the p3subs utility to manage VPNs.
Step 1 From the shell prompt, type the following command: p3subs --show-all-mappings --subscriber=SUB-NAME