[c-nsp] ICMP replay from egress PE

Amjad Ul Hasnain Qasmi zhqasmi at cyber.net.pk
Wed Jun 3 02:10:36 EDT 2009 

As per my understanding of your issue, you want to keep your mpls domain hidden from customer perspective but at the same time you want your egress LER to be appeared in traceroute. you may need to to disable TTL propagation for forwarded packets (VPN traffic), use "no mpls ip propagate forwarded" on LERs, this allows the structure of the MPLS network to be hidden from customers, but not the provider.

Regards,
AHQ



-----Original Message-----
From: Pshem Kowalczyk [mailto:pshem.k at gmail.com] 
Sent: Wednesday, June 03, 2009 11:00 AM
To: Amjad Ul Hasnain Qasmi
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] ICMP replay from egress PE

Hi,

If I do that I'll see the 'MPLS' hops, which I don't want. All I would
like to see is ICMP reply from the address inside the vrf.

kind regards
Pshem

2009/6/3 Amjad Ul Hasnain Qasmi <zhqasmi at cyber.net.pk>:
> Try enabling " mpls ip propagate-ttl "
> http://www.cisco.com/en/US/docs/ios/12_3/switch/command/reference/swi_m2.htm
> l#wp1058956
>
> Regards,
> AHQ
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Pshem Kowalczyk
> Sent: Wednesday, June 03, 2009 8:27 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] ICMP replay from egress PE
>
> Hi,
>
> Recently we've upgraded some of our 7301 to ASR (1004). Config
> remained pretty much the same (from L3VPNs perspective), but it looks
> like the behaviour of both platforms is somewhat different. I'm not
> sure if it's a feature or a bug yet.
>
> We have a typical setup, like this:
> CE1 --- PE1 --- P1 --- P2 --- PE2 --- CE2
>                        |              |
>                        + --- PE3 --- CE3
>
> So customers site is multihomed via PE2 and PE3 and has internal
> connection between CE2 and CE3
>
> With 7301 Traceroute from CE1 used to show the IP of PE2 or PE3
> (egress interface from the vrf), after the upgrade to ASRs - all we
> can see is PE1's IP and then straight CE2/CE3, but since customer
> drops icmp packets - we can't really see which way it's really going.
> Is there a way to get an ICMP reply from the egress ASR? I understand
> it switches the packets out through the interface without actually
> doing any lookups, but even after forcing 'label-per-vrf' we can't see
> the last hop.
> Any ideas if this behaviour can be corrected?
>
> kind regards
> Pshem
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>

More information about the cisco-nsp mailing list