Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
411
Views
0
Helpful
3
Replies

Does Cisco have mpls icmp-tunneling configuration ?

Go to solution
gongya
Level 1
Level 1

‎09-24-2025 05:46 PM - edited ‎09-24-2025 07:32 PM

icmp-tunnling is enabled by default or needs some configuration to enable it ?
Juniper has an explicit configuration "set protocols mpls icmp-tunneling" 

It seems Cisco enabled icmp-tunneling by default.  Right ?  possible to disable ?
icmp-tunneling-diagram.PNG

R1#traceroute 172.31.1.6 num
Type escape sequence to abort.
Tracing the route to 172.31.1.6
VRF info: (vrf in name/id, vrf out name/id)
  1 172.16.1.2 0 msec 0 msec 0 msec
  2 10.10.1.3 [MPLS: Label 19 Exp 0] 1 msec 1 msec 0 msec
  3 10.10.2.4 [MPLS: Label 20 Exp 0] 1 msec 0 msec 1 msec
  4 10.10.3.5 1 msec 0 msec 1 msec
  5 172.31.1.6 1 msec *  2 msec

icmp-tunneling-packets.PNG

one thing puzzles me. The first 6 lines. Anyone can shed some lights on them ?

thanks !!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
M02@rt37
VIP
VIP

‎09-24-2025 11:53 PM - edited ‎09-24-2025 11:53 PM

Hello @gongya 

Your point make reference to RFC_4950: https://www.rfc-editor.org/rfc/rfc4950.html

Cisco routers support for that RFC 4950 ICMP extensions for MPLS is built in and generaly enabled by default. That’s te reason why, when you do a traceroute through an MPLS core, cisco platform naturally include the MPLS label stack in the icmp Time exceeded or destination unreachable reply — so exactly as RFC 4950 specify...

Also, cisco not disable RFC 4950 directly.. instead, admin control visibility by turning off TTL propagation with no mpls ip propagate-ttl command, which prevents TTL expiry inside the MPLS core so ICMP responses are never triggered there !

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
M02@rt37
VIP
VIP

‎09-24-2025 11:53 PM - edited ‎09-24-2025 11:53 PM

Hello @gongya 

Your point make reference to RFC_4950: https://www.rfc-editor.org/rfc/rfc4950.html

Cisco routers support for that RFC 4950 ICMP extensions for MPLS is built in and generaly enabled by default. That’s te reason why, when you do a traceroute through an MPLS core, cisco platform naturally include the MPLS label stack in the icmp Time exceeded or destination unreachable reply — so exactly as RFC 4950 specify...

Also, cisco not disable RFC 4950 directly.. instead, admin control visibility by turning off TTL propagation with no mpls ip propagate-ttl command, which prevents TTL expiry inside the MPLS core so ICMP responses are never triggered there !

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

Go to solution
gongya
Level 1
Level 1
In response to M02@rt37

‎09-25-2025 03:37 AM

thanks so much !!

0 Helpful

Go to solution
M02@rt37
VIP
VIP
In response to gongya

‎09-25-2025 04:14 AM

You're so welcome @gongya 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful
Customers Also Viewed These Support Documents