On Tue, 7 Aug 2001, Zaheer Aziz wrote:
> At 05:44 PM 8/7/2001 -0400, jlewis@lewis.org wrote:
> >I've run into a problem with a 7500 (RSP4 with VIP2-50s) apparently eating
> >icmp ttl exceeded packets if tag-switching is turned on (to support MPLS
> >VPN traffic transitting the router).
>
> This is probably during the traceroute reply. Does that happen at LSR (P)
> or at ELSR(PE).
> A small diag with exact problem description would help more
It seems to happen at the 7500, which I guess is a P. The setup is:
P -- PE
/
internet === 7500 -- P -- PE
|
PE
i.e. there are MPLS VPN PE routers directly and indirectly connected to
the 7500. When we deployed our first MPLS VPN, we enabled tag-switching
and set the tag-switching mtu to 1520 (the T3's with tag-switching enabled
have the interface MTU set to 1500) on all router interfaces that would
transmit MPLS VPN packets. That includes PA-2T3's and MC-T3 T1 interfaces
on the 7500, PA-2T3's on several 7206's (some are P, some PE), HSSI and
T1 on 3640's (PE's).
We just noticed that if we traceroute from the internet to certain (not
all) non-VPN DSL customers terminated on a 3640 that happens to be one of
the PE's on the right, the last hop the traceroute sees is the 7500.
Packet debugging shows the P and PE routers are seeing and at least
claiming to respond with ttl exceeded, but the packets don't make it back
through the 7500. The really odd thing is traceroutes to some other DSL
customers on the same PE work fine. When I disable tag-switching only on
the 7500, the traceroutes go back to normal and ttl exceeded messages get
back out to the internet.
-- ---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:48 EDT