[c-nsp] 6500 SXI9 broken MPLS L3VPN with per-prefix label allocation

[Bernhard Schmidt]

Bernhard Schmidt <berni at birkenwald.de> wrote:

> vss1-2wr#sh mls cef mpls labels 875
>
> Codes: + - Push label, - - Pop Label         * - Swap Label, E - exp1
> Index  Local            Label                  Out i/f
>        Label             Op
> 8009   875 (EOS)        (-)                    recirc
>
> Okay, I think this is the problem. If label 875 (which thanks to PHP is
> the only label) is popped, the packet is untagged. Recirculation means
> lookup in the global routing table, so it gets sent out to the upstream
> router.

Okay, found the cause. There was an egress IP ACL on the Vlan1644. Of
course it needs to recirculate to evaluate that ACL, but I don't think
it is supposed to leave the VRF that way.

Is that a known limitation or a bug?

Bernhard