[c-nsp] Hiding MPLS L3VPN hops from the CE

Keegan Holley keegan.holley at sungard.com
Sun Aug 22 10:16:25 EDT 2010


There are simple commands within the mpls command set to accomplish the same
goals.  no mpls ip propagate-ttl will ignore the ttl in the IP packet,
effectively disabling traceroute.  mpls ip propagate-ttl (didn't feel like
looking up the syntax) forward will insert it into the mpls packets but not
decrement it, so traceroute will hide the provider hops and then continue
normally after leaving the cloud.  I wouldn't advise pseudowires or GRE
tunnels just to stop traceroute.

On Sun, Aug 22, 2010 at 7:31 AM, Peter Hicks <peter.hicks at poggs.co.uk> wrote:

> On Sat, 2010-08-21 at 20:19 -0400, Jason Lixfeld wrote:
>
> > Suppose a CE is connected to an MPLS network that has 6 hops between
> > the PE this said CE connects to and the edge of the MPLS network.  If
> > a user traces from behind the CE through the MPLS network, is it
> > possible to hide all the hops in between?
>
> So we're talking about a CE to its local PE, rather than another PE
> accessed through the MPLS cloud?
>
> If you want to hide the IP address of each hop, you could disable ICMP
> 'TTL expired in transit' messages, but you'd get asterisks on
> traceroutes.
>
> If you want to hide the presence of the hops, you could look at a GRE
> tunnel - with its associated MTU reduction issues - or maybe an L2TPv3
> pseudowire.
>
> Just out of interest - is this for marketing reasons, or technical?
>
>
>
> Peter
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
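An added illustration, not part of the original thread: a simplified Python model of how a customer traceroute sees the path when the ingress PE copies the IP TTL into the label (propagation on) versus setting the label TTL to 255 (propagation off). The node names, the six P routers taken from the question, and the omission of penultimate-hop popping and platform-specific behaviour are assumptions of this sketch.

```python
# Simplified model of MPLS TTL handling (uniform vs. pipe style, cf. RFC 3443).
# Constructed topology: CE1 - PE1 - P1..P6 - PE2 - CE2. Names are hypothetical.
PATH = (
    [("CE1", "ip"), ("PE1", "ingress")]
    + [(f"P{i}", "lsr") for i in range(1, 7)]
    + [("PE2", "egress"), ("CE2", "ip")]
)


def probe(path, ttl, propagate):
    """Return the node that answers a probe sent with this IP TTL, or None
    if the probe gets past the last router (i.e. reaches the destination)."""
    ip_ttl, label_ttl = ttl, None
    for name, role in path:
        if role in ("ip", "ingress"):
            ip_ttl -= 1
            if ip_ttl == 0:
                return name  # ordinary IP hop: ICMP time exceeded
            if role == "ingress":
                # Label push: copy the IP TTL, or hide it behind 255.
                label_ttl = ip_ttl if propagate else 255
        elif role == "lsr":
            label_ttl -= 1  # core routers only touch the label TTL
            if label_ttl == 0:
                return name
        elif role == "egress":
            label_ttl -= 1
            # Label pop: with propagation the label TTL is copied back,
            # without it the whole LSP costs the IP header a single hop.
            ip_ttl = label_ttl if propagate else ip_ttl - 1
            if ip_ttl == 0:
                return name
    return None


def traceroute(path, propagate, max_ttl=30):
    """Collect the responders for TTL = 1, 2, ... until the far end is reached."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        responder = probe(path, ttl, propagate)
        if responder is None:
            break
        hops.append(responder)
    return hops


if __name__ == "__main__":
    print("propagation on :", traceroute(PATH, propagate=True))
    print("propagation off:", traceroute(PATH, propagate=False))
```

In this model the provider core still forwards the probes when propagation is off; only the six P routers stop appearing as hops.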