[c-nsp] ICMP replay from egress PE

Pshem Kowalczyk pshem.k at gmail.com
Wed Jun 3 04:30:02 EDT 2009 

Hi,

That setup (without ttl propagation) works fine on 7301. I would like
to know if its possible to achieve the same result using and ASR1004.
Since we are not talking here about only one customer, or one person
that need to troubleshoot the problems having the previous behaviour
back is definitely the best option.

kind regards
Pshem


2009/6/3 Amjad Ul Hasnain Qasmi <zhqasmi at cyber.net.pk>:
> As per my understanding of your issue, you want to keep your mpls domain hidden from customer perspective but at the same time you want your egress LER to be appeared in traceroute. you may need to to disable TTL propagation for forwarded packets (VPN traffic), use "no mpls ip propagate forwarded" on LERs, this allows the structure of the MPLS network to be hidden from customers, but not the provider.
>
> Regards,
> AHQ
>
>
>
> -----Original Message-----
> From: Pshem Kowalczyk [mailto:pshem.k at gmail.com]
> Sent: Wednesday, June 03, 2009 11:00 AM
> To: Amjad Ul Hasnain Qasmi
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] ICMP replay from egress PE
>
> Hi,
>
> If I do that I'll see the 'MPLS' hops, which I don't want. All I would
> like to see is ICMP reply from the address inside the vrf.
>
> kind regards
> Pshem
>
> 2009/6/3 Amjad Ul Hasnain Qasmi <zhqasmi at cyber.net.pk>:
>> Try enabling " mpls ip propagate-ttl "
>> http://www.cisco.com/en/US/docs/ios/12_3/switch/command/reference/swi_m2.htm
>> l#wp1058956
>>
>> Regards,
>> AHQ
>>
>> -----Original Message-----
>> From: cisco-nsp-bounces at puck.nether.net
>> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Pshem Kowalczyk
>> Sent: Wednesday, June 03, 2009 8:27 AM
>> To: cisco-nsp at puck.nether.net
>> Subject: [c-nsp] ICMP replay from egress PE
>>
>> Hi,
>>
>> Recently we've upgraded some of our 7301 to ASR (1004). Config
>> remained pretty much the same (from L3VPNs perspective), but it looks
>> like the behaviour of both platforms is somewhat different. I'm not
>> sure if it's a feature or a bug yet.
>>
>> We have a typical setup, like this:
>> CE1 --- PE1 --- P1 --- P2 --- PE2 --- CE2
>>                        |              |
>>                        + --- PE3 --- CE3
>>
>> So customers site is multihomed via PE2 and PE3 and has internal
>> connection between CE2 and CE3
>>
>> With 7301 Traceroute from CE1 used to show the IP of PE2 or PE3
>> (egress interface from the vrf), after the upgrade to ASRs - all we
>> can see is PE1's IP and then straight CE2/CE3, but since customer
>> drops icmp packets - we can't really see which way it's really going.
>> Is there a way to get an ICMP reply from the egress ASR? I understand
>> it switches the packets out through the interface without actually
>> doing any lookups, but even after forcing 'label-per-vrf' we can't see
>> the last hop.
>> Any ideas if this behaviour can be corrected?
>>
>> kind regards
>> Pshem
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>>
>
>

More information about the cisco-nsp mailing list