[c-nsp] endless routing loop in a L3 MPLS VPN

Saku Ytti saku at ytti.fi
Thu Mar 27 17:19:30 EDT 2014


On (2014-03-27 21:47 +0100), Lukas Tribus wrote:

> While I do understand that the route on PE2 is wrong, dangerous and we can
> simply fix it by using a interface + next-hop route, I'm concerned about the
> fact that the TTL mechanism fails with such a simple route misconfiguration.
> 
> Is PE1's behavior really correct here?

I think if these conditions are true

1) no ttl propagate
2) next-hop-self
3) static recurses to core

You will have persistent loop on 7600/6500.

It is probably not strictly correct, while the MPLS keeps regenerated with
255, the IP TTL should be decreased by both ingress and egress PE.

But I think we're hitting PFC3B HW limitation where ttl dec does not work as
it should at egress. Supposedly fixed in PFC3C and enabled with 'mls mpls
ttl-dec' but I've never actually observed it working correctly.

Your immediate fix is just, as you do, is to disable static route recursing
(which in most platforms is by default off and explicitly enabled when needed)

-- 
  ++ytti


More information about the cisco-nsp mailing list