I use vMX in my JNCIE lab. I have 8 routers interconnected with each other by separate vlans for each p2p connection. Recently, during #Labeveryday session, I configured BGP signaled L2VPN. The control plane was working like a charm – even L2VPN stitching (in terms of control plane) worked as expected. But when I tried to do a ping between the CE devices, there was no traffic. The problem with L2 MPLS services is that the PE-CE connections are very hard to troubleshoot. Especially where the encapsulation used is plain ethernet or ethernet vlan.
I started as usual, with basic troubleshooting:
- Done mpls pings
- Done l2vpn ping
- Added another logical ipv4 interface (both ends) to the CE-PE link
- Manually checked each signaled label from PE to PE 🙂
- I even checked the MTU settings on the entire path
The control plane was working – I had L2 connections in up state. The CE-PE connectivity was also fine since I could ping the PE L3 interface (on those L3 interfaces). But for some reason, the L2 traffic that was hitting my PE router had not been passed to the other side.
I even tried configuring it on a couple physical SRX's – and, surprise surprise, it worked – on hardware.
So I started suspecting some virtualisation issues. I started searching a little bit through the Internet and someone suggested that it could be related to the promiscuous mode on the vSwitch. I checked on my vCenter and noticed that all my vlans have the promiscuous mode set to REJECT. I changed it and everything started working. I could ping between the CE routers, the OSPF between them was also established.
So, if you're facing the same issues, just check the promiscuous mode on your vSwitch and you will save a lot of time on the debug.
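The check and the change described above can be scripted. The following is an added example, not from the original post: it assumes VMware PowerCLI with an existing `Connect-VIServer` session and standard vSwitch port groups, and the name pattern `vmx-p2p-*` is a hypothetical naming scheme for the lab links. It audits every port group but sets promiscuous mode to Accept only on the matching lab port groups, since any VM on a port group in Accept mode receives all frames on it.

```powershell
# Added example (not from the original post).
# Assumptions: PowerCLI is installed, Connect-VIServer has already been run,
# and the lab links are standard (not distributed) vSwitch port groups.
$labPattern = 'vmx-p2p-*'   # hypothetical name pattern for the lab p2p port groups

# 1. Audit: collect the security policy of every standard port group.
$report = foreach ($pg in Get-VirtualPortGroup -Standard) {
    $policy = Get-SecurityPolicy -VirtualPortGroup $pg
    [pscustomobject]@{
        Host             = $pg.VMHost.Name
        PortGroup        = $pg.Name
        VLanId           = $pg.VLanId
        AllowPromiscuous = $policy.AllowPromiscuous
        ForgedTransmits  = $policy.ForgedTransmits
        MacChanges       = $policy.MacChanges
        Policy           = $policy
    }
}
$report | Select-Object Host, PortGroup, VLanId, AllowPromiscuous, ForgedTransmits, MacChanges |
    Sort-Object Host, PortGroup | Format-Table -AutoSize

# 2. Fix: enable promiscuous mode only on lab port groups that still reject it.
#    Port groups outside the pattern are left untouched.
$report |
    Where-Object { $_.PortGroup -like $labPattern -and -not $_.AllowPromiscuous } |
    ForEach-Object {
        Write-Host "Enabling promiscuous mode on $($_.PortGroup) ($($_.Host))"
        Set-SecurityPolicy -VirtualPortGroupPolicy $_.Policy -AllowPromiscuous $true | Out-Null
    }
```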