[c-nsp] MPLS TTL expired in 12.0(26)S3

Clinton Work clinton at scripty.com
Fri Dec 3 14:02:54 EST 2004 

Did the MPLS TTL expired behavior change between 12.0(23)S and 12.0(26)S?

I have the following setup:
r1 <-ebgp-> ler2 <--> lsr3 <--> lsr4 <--> lsr5 <--> ler6 <-ebgp-> r2

- r1, r2 and running ebgp with ler2 and ler6
- ler2, lsr3, lsr4, lsr5, and ler6 all run the ISIS IGP and have MPLS 
enabled
- ler2 and ler6 have an IBGP session between them all ebgp routes 
remarked with next-hop-self
- The lsr routers only have IGP routes.
- Only one label is used going across the network (no MPLS TE or MPLS VPN)

- lsr5 has a pop tag to reach the loopback0 of ler6

lsr5#show mpls forwarding-table 1.1.1.6
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
56     Pop tag     1.1.1.6/32        635693070530635 PO2/0      point2point


If I do a traceroute from r1 to r2, I don't get a traceroute response 
from lsr5 which is doing the PHP for ler6. When the input linecard on 
lsr5 sees the traceroute probe with a MPLS TTL of 1 it should forward 
the dropped packet to the RP for processing with the label stack in 
place . When the RP generates the ICMP unreachable message it will 
lookup the label in the LFIB and forward the ICMP unreachable down the 
LSP to ler6 for forwarding. I might be seeing a bug on the E4+ linecard 
where it strips the label on the MPLS TTL 1 packet before sending it to 
the RP for processing. When the RP generates that ICMP unreachable 
message it tries to send the response with its own routing table, but it 
doesn't know how to reach router R1 (no BGP routes).

What is the best way to get a debug for the ICMP unreachables with some 
label stack information on a GSR?

"debug ip icmp" only generates something like:
Dec  2 18:58:04 EST: MPLS: ICMP: time exceeded (time to live) sent to 
2.2.2.1 (dest was 1.1.1.6)

I'm a little concerned about trying to use "debug ip packet <acl>" 
because I'm not sure if it will match traffic only on the RP or the 
linecards as well.

Has anyone tried using the receive ACL to log packets sent to the RP?

access-list 141 permit icmp any any log-input
access-list 141 permit ip any any
ip receive access-list 141

More information about the cisco-nsp mailing list