• Skip to main content
  • Skip to header right navigation
  • Skip to site footer

Roger Perkin

Network Automation Architect

  • Network Automation
    • Network Automation Courses
    • What is NetDevOps?
    • Workflow Orchestration
    • Ansible Automation Platform
    • Ansible Workshop
    • What is Network Automation?
    • Network Automation Tools
    • ContainerLab
    • Ansible Training
      • What is Ansible?
      • Ansible Tutorial for Beginners
      • Ansible Network Automation
      • Ansible Hosts File
    • Python Network Automation
      • Nornir
      • Python Network Automation Course
      • Python for Network Engineers
      • Python VENV / Virtual Environment Tutorial
      • Python Tutorial for Beginners
      • pyATS
    • Network Source of Truth
      • NetBox Training
      • Infrahub
    • NetDevops
    • DevOps Tutorial
      • Git Training
      • Terraform Training
      • Linux Training
      • Kubernetes Training
      • Devops Training Course
      • Azure Devops Training
    • Terraform
    • GIT
      • Git Commands
      • What is GitHub?
    • Docker Training
    • Confluence
    • Microsoft Azure
  • Cisco
    • ISE
    • SD WAN Training
    • Password Recovery
    • Software-Upgrade-Guides
    • BGP
    • Data Center
    • WIRELESS
  • CCIE
  • Blog
  • About
    • My Red Special Guitar
  • Contact

BGP VPNv4 Troubleshooting Commands

Home » BGP Protocol

When working with MPLs Layer 3 VPN a lot of people get stuck with the verification, simply because they don’t know the bgp vpnv4 troubleshooting commands.

This post will step through some of the verification you can use to verify the routes end to end through a simple MPLS Layer 3 vpn topology.

The topology I will be using is below and is a very simple 3 router core with one vrf  and ospf being the CE to PE protocol on each side.

bgp vpnv4 troubleshooting commands topology

 

I have created vrf ONE on Router 3 and on Router 5, OSPF 1 Area 0 is running between R3,R4,R5 and R3 is peering with MP-BGP to R5

All your troubleshooting commands will now need to include vpnv4 and the commands do get quite long. Here are my top bgp vpnv4 troubleshooting commands.

BGP VPNv4 troubleshooting commands

Before we start with the troubleshooting commands lets just verify everything is working, I will jump onto R1 and ping R6 loopback

R1#ping 6.6.6.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/63/76 ms
R1#

Ok this works and prove the VPN is working, now we will go through some of the troubleshooting commands so you can see how to spot problems.

sh ip route vrf (name)

To see the routes within the VRF on Router 3 you run the command sh ip route vrf ONE

R3#sh ip route vrf ONE

Routing Table: ONE
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/11] via 10.0.13.1, 00:33:37, FastEthernet0/0
6.0.0.0/32 is subnetted, 1 subnets
B 6.6.6.6 [200/11] via 5.5.5.5, 00:12:21
10.0.0.0/24 is subnetted, 2 subnets
C 10.0.13.0 is directly connected, FastEthernet0/0
B 10.0.56.0 [200/0] via 5.5.5.5, 00:12:21
R3#

This will show you the routes that have been learnt in from R1 and any routes coming from the VRF on R5
As you can see we have the route 6.6.6.6 for the loopback of R6.

The command sh bgp vpnv4 unicast vrf ONE should show the same output.

R3#sh bgp vpnv4 unicast vrf ONE
BGP table version is 19, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf ONE)
*> 1.1.1.1/32       10.0.13.1               11         32768 ?
*>i6.6.6.6/32       5.5.5.5                 11    100      0 ?
*> 10.0.13.0/24     0.0.0.0                  0         32768 ?
*>i10.0.56.0/24     5.5.5.5                  0    100      0 ?

Now if we change the route-target export value on R3 to stop exporting the routes, you can see on R5 the routes from R1 will disappear.

This is the output of sh bgp vpnv4 unicast vrf ONE with the correct configuration

R5#sh bgp vpnv4 unicast vrf ONE
BGP table version is 31, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf ONE)
*>i1.1.1.1/32       3.3.3.3                 11    100      0 ?
*> 6.6.6.6/32       10.0.56.6               11         32768 ?
*>i10.0.13.0/24     3.3.3.3                  0    100      0 ?
*> 10.0.56.0/24     0.0.0.0                  0         32768 ?
R5#

You can see there is a route for 1.1.1.1 – now we can stop this in a number of ways but one way is to change the route-target import value on R5. So R1 will be exporting 3:5 and if we change the import value on R5 to something different we will stop getting the route.

R5(config)#ip vrf ONE
R5(config-vrf)#no route-target import 3:5
R5(config-vrf)#route-target import 3:6
R5(config-vrf)#

Now we didn’t actually have to add a new value, removing the current value would do the job

Looking on R5 now with <strong>sh bgp vpnv4 unicast vrf ONE</strong> you can see that the 1.1.1.1 route has gone

R5#sh bgp vpnv4 unicast vrf ONE
BGP table version is 33, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf ONE)
*> 6.6.6.6/32       10.0.56.6               11         32768 ?
*> 10.0.56.0/24     0.0.0.0                  0         32768 ?

If you wanted to troubleshoot this issue you would probably first check if R1 was actually advertising the route. Under normal BGP you would just use the command sh ip bgp neighbor 5.5.5.5 advertised-routes. Withing vpnv4 the command changes a bit to be

sh bgp vpnv4 unicast all neighbors 5.5.5.5 advertised-routes

If we run this on R3 you will see we are advertising the route

R3#sh bgp vpnv4 unicast all neighbors 5.5.5.5  advertised-routes
BGP table version is 9, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i -
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf ONE)
*> 1.1.1.1/32       10.0.13.1               11         32768 ?
*> 10.0.13.0/24     0.0.0.0                  0         32768 ?

Total number of prefixes 2

So if we were troubleshooting this issue we would know the routes are being advertised by R3 so we would turn our attention to R5 and verify the route-target import values are correct, which we know they are not!

I will change the the route-import value back and will also enable a debug.

debug bgp vpnv4 unicast updates this will let you see bgp updates within the vpnv4 process

R5(config)#ip vrf ONE
R5(config-vrf)#no route-targe import 3:6
R5(config-vrf)#route-target import 3:5

R5#debug bgp vpnv4 unicast updates
BGP updates debugging is on for address family: VPNv4 Unicast

BGP table version is 33, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - inte
rnal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf ONE)
*> 6.6.6.6/32       10.0.56.6               11         32768 ?
*> 10.0.56.0/24     0.0.0.0                  0         32768 ?
R5#
*Mar  1 01:07:45.879: BGP(2): 3.3.3.3 rcvd UPDATE w/ attr: nexthop 3.3.3.3
, origin ?, localpref 100, metric 0, extended community RT:3:5 OSPF DOMAIN
ID:0x0005:0x0000000A0200 OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:10.0.13.3:0
*Mar  1 01:07:45.895: BGP(2): 3.3.3.3 rcvd 100:1:10.0.13.0/24
*Mar  1 01:07:45.903: BGP(2): 3.3.3.3 rcvd UPDATE w/ attr: nexthop 3.3.3.3
, origin ?, localpref 100, metric 11, extended community RT:3:5 OSPF DOMAI
N ID:0x0005:0x0000000A0200 OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:10.0.13.3:0
*Mar  1 01:07:45.911: BGP(2): 3.3.3.3 rcvd 100:1:1.1.1.1/32&lt

Here you can see the route coming back in again.

The final command I am going to share is clearing the bgp vpnv4 process

Under ipv4 bgp you would use the clear ip bgp * command to bounce your neighbors, under vpnv4 the command changes to

clear bgp vpnv4 unicast *

You can specify the neighbor if you were in production but within a lab environment using the * is fine.

I hope these bgp vpnv4 troubleshooting commands have been  helpful and if you would like anything explained further leave a comment below.

Roger

Category: BGP ProtocolTag: bgp, CCIE, MPLS, troubleshooting, vpnv4
ansible course for network engineers
Get Access to my Ansible Course NOW
Previous Post:Awesome Putty tips and tricks for work and the CCIE Lab!
Next Post:CCIE Version 5 here I come

Sidebar

Hi I'm Roger Perkin,
Based in the UK working as a Network Automation Architect, CCIE #50038
About Roger | Twitter | Linkedin

python course for network engineers

Topics

Network Automation
Ansible
Python for Network Automation
CCIE
Cisco ISE
F5 Certification
BGP
OSPF
Network Automation Conferences
auvik promo banner
Pluralsight Trial

Git for Network Engineers

Ansible vs Nornir

Start learning today with my Network Automation Courses

Master Ansible, Python, Git, Nornir, Jenkins and more..


Buy me a coffeeBuy me a coffee

ansible network automation course

Have you seen my YouTube Channel?

YouTube Subscribe

Let’s get started

Take a look at my premium courses on Ansible, Nornir & Git or buy them all with the Network Automation Bundle!

Network Automation Courses

Navigation

Python VENV Tutorial
Python for Network Engineers

Network Automation
Network Automation Courses
Network Discovery Tools
Network Automation Conferences
Ansible Training
What is Ansible?
Devops Tutorial
Network Source of Truth
DevOps Glossary
Network Monitoring Software

Contact

Contact

Get in touch with me here

[email protected]

  • Twitter
  • LinkedIn
  • YouTube
Buy me a coffeeBuy me a coffee

Copyright © 2025 · Roger Perkin · All Rights Reserved · Privacy Policy – Terms