[j-nsp] M7i and M10i problems - TRACE ROUTE

EVAN WILLIAMS evangellick at btinternet.com
Wed Apr 25 04:03:07 EDT 2007


Agree with Alex & Paulo: allowing propagate and decrement TTL allows your users to see hops in the network, and in an MPLS LSP deployment why allow them to shoot you with bullets of your own making? IMHO best common practice is no-propagate/decrement TTL.

BTW, found this useful guide, http://checklists.nist.gov/repository/1022.html, which proves a good pointer in setting up your router.



Paulo Estante <estantep at gmail.com> wrote:

Hi Giuliano,

Is this an MPLS-VPN environment?

I think you may be looking for the functionality from RFC4379. If that
is the case, have a look at Junos 8.1:
http://www.juniper.net/techpubs/software/junos/junos81/rn-sw-81/rn-new-features.html
on the "MPLS LSP traceroute supported on transit router" section.

regards,

Paulo Estante
JNCIE #185


On 4/22/07, Alex  wrote:
> Giuliano,
> AFAIK, the answer is no. On the other hand, if you are using MPLS L3VPN, why
> would you want your customers to be able to traceroute Your network?
> Have a look into "no-propagate-ttl" and/or "no-decrement-ttl" knobs, they
> might be applicable to your situation.
> Rgds
> Alex
>
> ----- Original Message -----
> From: "Giuliano Cardozo Medalha" 
> To: "Alex" 
> Cc: 
> Sent: Saturday, April 21, 2007 10:17 PM
> Subject: Re: [j-nsp] M7i and M10i problems - TRACE ROUTE
>
>
> > Alex,
> >
> > Is there some way to avoid or to change this default value?
> >
> > Is it possible to configure a firewall-filter to increase these values?
> >
> > The problem is that when our customers start TRACES outside ... they think
> > our network has problems.
> >
> > Thanks a lot,
> >
> > Giuliano
> >> Giuliano,
> >> On Juniper M-series, there is an ICMP TTL-exceeded rate-limit in place:
> >> 50 pps per logical interface and 500 pps per box.
> >> See http://puck.nether.net/pipermail/cisco-nsp/2006-June/031717.html
> >> Rgds
> >> Alex
> >>
> >> ----- Original Message ----- From: "Giuliano Cardozo Medalha"
> >> 
> >> To: 
> >> Sent: Saturday, April 21, 2007 8:51 PM
> >> Subject: [j-nsp] M7i and M10i problems - TRACE ROUTE
> >>
> >>
> >>> People,
> >>>
> >>> We have a Juniper M10i border router.
> >>>
> >>> When we install this router on our network ... we are having problems
> >>> with MTR and traceroute programs.
> >>>
> >>> Basically ... every trace that passes through the router loses 70% of the
> >>> packets.
> >>>
> >>> PING just works fine ... but TRACE and MTR not.
> >>>
> >>> Juniper says in J-TAC that this is a default config (FACTORY DEFAULT)
> >>> from the router.
> >>>
> >>> Is there some command or way to change this behavior?
> >>>
> >>> Thanks a lot,
> >>>
> >>> Giuliano
> >>>
> >>> _______________________________________________
> >>> juniper-nsp mailing list juniper-nsp at puck.nether.net
> >>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >>
> >>
> >
>
More information about the juniper-nsp mailing list
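
Added example, not part of the original thread: a triage check for the symptom discussed above, where a hop that rate-limits its ICMP TTL-exceeded replies shows loss in MTR while traffic through it is fine. The report text, addresses, label names and the 5% tolerance are constructed assumptions; hop 2 stands in for the border router.

```python
import re

# Constructed `mtr --report` output; hop 2 plays the rate-limiting router.
SAMPLE_REPORT = """\
HOST: probe.example.net           Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.0.2.1                  0.0%   100    0.4   0.5   0.3   1.1   0.1
  2.|-- 198.51.100.1              70.0%   100    1.2   1.4   0.9   3.0   0.4
  3.|-- 198.51.100.9               0.0%   100    5.1   5.3   4.8   7.2   0.5
  4.|-- 203.0.113.20               0.0%   100    9.8  10.1   9.5  12.4   0.6
"""

HOP_RE = re.compile(r"^\s*(\d+)\.\|--\s+(\S+)\s+([\d.]+)%\s+(\d+)")


def parse_report(text):
    """Return [(hop_number, host, loss_percent)] from mtr report text."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2), float(m.group(3))))
    return hops


def classify(hops, tolerance=5.0):
    """Label each hop by whether its loss carries on to later hops.

    Packets dropped in forwarding at hop N never reach hop N+1, so real
    loss appears at every later hop too. Loss that is higher at hop N than
    at some later hop can only be missing replies from hop N itself.
    """
    labels = {}
    for i, (num, _host, loss) in enumerate(hops):
        later = [l for _, _, l in hops[i + 1:]]
        if loss <= tolerance:
            labels[num] = "ok"
        elif later and loss - min(later) > tolerance:
            labels[num] = "reply-rate-limited"
        else:
            labels[num] = "loss-persists"
    return labels


if __name__ == "__main__":
    for hop, label in classify(parse_report(SAMPLE_REPORT)).items():
        print(hop, label)
```

A hop labelled "reply-rate-limited" is not dropping transit traffic; only "loss-persists" on the path to the destination warrants investigating forwarding.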