En SR-MPLS, un chemin peut sembler “Up” tout en perdant des paquets à cause d’un détail discret : SRGB décalée, SID non programmé en FIB, espace de labels épuisé, TI-LFA qui bascule en boucle locale, ou encore une politique SR-TE qui installe des segments incomplètement. Le dépannage réellement efficace impose trois preuves successives : 1) le control-plane (ISIS/OSPF SR, BGP-LS, PCE/policies) publie bien les SIDs attendus ; 2) la programmation FIB/CEF correspond exactement à ces annonces ; 3) le dataplane transporte/impile/décapsule les labels sans drops ni réécritures inattendues.
1. Preuve d’underlay et de MTU — avant tout le reste
ping <RMT-LOOPBACK> source <LOC-LOOPBACK> size 8972 df-bit repeat 5
traceroute <RMT-LOOPBACK> source <LOC-LOOPBACK>
show policy-map control-plane input
show policy-map control-plane output
show interface <PHY> | include MTU|error|drop
2. Control-plane SR — Prouver la présence et la cohérence des SIDs
show isis segment-routing
show isis database detail
show segment-routing mpls state all
show segment-routing mpls lb sid all
show ospf segment-routing prefix-sid
show segment-routing mpls connected-prefix-sid-map
show segment-routing mpls forwarding
show segment-routing mpls global-block
show segment-routing mpls local-block
show segment-routing mpls sid-database
show bgp link-state summary
show bgp link-state link <area/node> detail
3. De la RIB à la FIB/CEF — prouver la programmation SR dans le dataplane
show mpls forwarding-table
show mpls forwarding-table labels <LABEL> detail
show cef <RMT-LOOPBACK/IP> detail
show segment-routing traffic-eng policy all
show segment-routing traffic-eng policy name <POLICY> detail
show segment-routing traffic-eng tunnel
show fib detail mpls
show cef mpls labels <LABEL> detail
show controllers npu statistics | include drop|mpls
show platform hardware qfp active datapath utilization
show platform hardware qfp active statistics drop
show platform software fed switch active mpls forwarding
4. Cas A — SRGB mismatch : labels décalés entre nœuds
show segment-routing mpls global-block
show segment-routing mpls sid-database | include Prefix|16003
show mpls forwarding-table labels <LABEL-LOCAL> detail
show mpls forwarding-table | include <DEST-NODE>
5. Cas B — Adjacency-SID manquant : TI-LFA non effectif
show isis segment-routing adjacency-sid
show isis database detail | include Adjacency SID
show isis fast-reroute ti-lfa
show isis path-protection detail
6. Cas C — SR-TE “Partial” : pile de labels incomplète
show segment-routing traffic-eng policy name <POLICY> detail
show segment-routing mpls sid-database | include <SID-LIST>
show cef <MIDPOINT-LOOPBACK> detail
7. Cas D — Blackhole VRF via SR : imposition MPLS manquante
show cef vrf <VRF> <PREFIX> detail
show mpls forwarding-table vrf <VRF> | include <PREFIX|OutLabel>
show segment-routing traffic-eng policy name <POLICY> statistics
show platform hardware qfp active statistics drop | include MPLS|ENCAP|DECAP
8. Cas E — Micro-boucles lors de convergence TI-LFA
show logging | include ISIS|SR|TE|LFA
show isis events brief
show segment-routing traffic-eng policy name <POLICY> history
show isis fast-reroute ti-lfa protected-prefixes
9. Dataplane — observer la pile MPLS
monitor capture buffer SR size 10 circular
monitor capture point ip cef SR gi0/0/0 both
monitor capture point associate SR SR
monitor capture start
monitor capture stop
monitor capture buffer SR export tftp://<server>/sr-te.pcap
monitor session 10 type erspan-source
source interface <EGRESS-IF> both
destination
erspan-id 10
ip address <COLLECTOR-IP>
origin ip address <LOCAL-LO>
10. Ressources et drops matériels
show fib statistics
show cef drops
show controllers npu statistics | include mpls|drop
show route summary | include paths|installed
show platform hardware qfp active feature mpls
show platform hardware qfp active resources
show platform hardware qfp active statistics drop
show ip cef switching statistics
11. Runbook express
### Underlay
ping <RMT-LO> source <LOC-LO> size 8972 df-bit
traceroute <RMT-LO> source <LOC-LO>
### SR Control-plane
show segment-routing mpls global-block
show isis segment-routing
show isis database detail | include Prefix-SID|Adj-SID
show segment-routing mpls sid-database
### SR-TE
show segment-routing traffic-eng policy all
show segment-routing traffic-eng policy name <POLICY> detail
### Forwarding/FIB
show mpls forwarding-table
show mpls forwarding-table labels <LABEL> detail
show cef <DEST> detail
### Hardware drops
show platform hardware qfp active statistics drop
show controllers npu statistics
### Capture
monitor capture ... / ERSPAN
12. Signaux d’alarme
Labels corrects mais trafic perdu : FIB ne reflète pas la SID-list → ressource ou bug.
SR-TE partial : SID manquant → corriger publication IGP ou recalcul PCE.
TI-LFA inopérant : Adj-SID absent → réactiver SR sur lien.
VPN SR blackhole : imposition MPLS absente → vérifier CEF VRF + pile effective.
