[c-nsp] DFZ-in-a-VRF: ASR1k per-ce label TTL troubles
Lukas Tribus
luky-37 at hotmail.com
Thu Mar 12 10:15:10 EDT 2015
Hey guys,
I hope someone could comment on the following behavior I recently
encountered:
I'm running the DFZ in an MPLS VPN on ASR1k as PEs, and recently
upgraded from 03.09.00S to 03.10.04.S and switched from per-vrf label
allocation mode (= egress LER has to do an IP lookup) to the new
per-ce label allocation mode (which basically means per next-hop label
allocation, avoiding IP lookups on the egress PE).
I also have "no mpls ip propagate-ttl forwarded" on all boxes, to hide
the MPLS topology (which is using RFC1918 addressing).
Since the upgrade and with prefixes covered by a per-ce label (basically
EBGP sessions with our transits/peers), the egress LER shows up in the
traceroutes across the MPLS VPN:
- with "* * *" when uRPF loose mode is enabled on the egressing IP
interface
- with the private IP from the ingress MPLS core link when uRPF is
disabled on the egress interface
Previously (with per-vrf label allocation) the egress LER never showed
up in the traceroute (which is what I want, or at least it would have to
use a source IP belonging to that VRF, instead of my RFC1918 core IP).
Also, when tracerouting to prefixes not covered by the per-ce label
("connected" or BGP aggregates for example), the LER correctly doesn't
show up.
Why would the egress LER show up when using per-ce label allocation?
I don't think this behavior is expected, is it?
Strangely, I was not able to reproduce this in a quick lab session, even
though I used the same platform, code and per-ce label allocation. Not
sure what I missed there, but I can reliably reproduce this on multiple
production PEs.
Regards,
Lukas