10-27-2011 08:40 AM
Hello,
I have a little question, I'm studying MPLS using GNS3. I made a network with 4 MPLS routers, each connected to 2 other MPLS routers and one external non-MPLS router.
I try to hide all the internal MPLS routing using the "no mpls ip propagate-ttl" command, but it's not working properly. I still see the last hop internal (MPLS) IP address, here is the example of traceroute from an external router to another one:
Tracing the route to 192.168.0.2
1 192.168.0.9 16 msec 20 msec 20 msec
2 192.168.200.10 92 msec 84 msec 84 msec
3 192.168.0.2 84 msec * 92 msec
192.168.200.0/16 are MPLS IP networks (between the different MPLS routers, all in /30). I don't think the second hop should appear in the traceroute, because it's supposed to transport data using MPLS only and following the no propagate-ttl, it should not appear...
Here is the configuration of one MPLS router:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
mpls label protocol ldp
no mpls ip propagate-ttl
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface GigabitEthernet1/0
ip address 192.168.200.2 255.255.255.252
negotiation auto
mpls ip
!
interface GigabitEthernet2/0
ip address 192.168.200.5 255.255.255.252
negotiation auto
mpls ip
!
interface GigabitEthernet3/0
ip address 192.168.0.5 255.255.255.252
negotiation auto
!
interface GigabitEthernet4/0
no ip address
shutdown
negotiation auto
!
router ospf 10
log-adjacency-changes
network 192.168.0.4 0.0.0.3 area 1
network 192.168.200.0 0.0.0.3 area 1
network 192.168.200.4 0.0.0.3 area 1
!
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
end
Is this behavior normal ? Did I miss something ?
Thank you
10-27-2011 09:59 AM
Hi Mathieu
TTL Propagation needs to be disabled on all the MPLS Routers forwarding the Customer Packets for hiding the MPLS Network from the Customer. However I think owing to PHP, which is by default enabled in the MPLS Frame-Mode, at the PHP Hop it's sending out the IP packet and hence we would be seeing the last hop IP in the trace connected to the Egress LSR.
Is 192.168.200.10 92 the Interface IP of the Egress LSR connecting to the PHP Hop?
However in an MPLS VPN scenario disabling ttl propagation would totally hide the MPLS Network as there are two label stacks and even if PHP happens then the packet arriving at egress LSR has the Top Label.
That's from my understanding what might be happening. Hope this helps to answer your query and provide some insight into the issue.
Regards
Varma
10-27-2011 10:08 AM
The "no mpls ip propagate-ttl" is set on all the MPLS routers (4), this is why I don't understand why the last MPLS hop still appears on the traceroute (different depending on the source/destination of the traceroute)
Mathieu-Poussin-MacBook-Pro:configs kedare$ grep propagate *
R1.cfg:no mpls ip propagate-ttl
R2.cfg:no mpls ip propagate-ttl
R3.cfg:no mpls ip propagate-ttl
R4.cfg:no mpls ip propagate-ttl
10-27-2011 10:10 AM
Hi Mathieu
As I said this should be happening because of PHP..
Try the same thing for MPLS VPN and we would not be seeing the last hop there.
Hope this helps to answer your query.
Regards
Varma
10-27-2011 10:12 AM
Hello,
What do you call PHP ?
EDIT: Okay I found something:
http://www.mplsvpn.info/2008/11/what-is-php-penultimate-hop-popping.html
I'm reading it
Thank you
10-27-2011 10:18 AM
Hi Mathieu
PHP stands for Pen-Ultimate-Hop-Popping, which is the default behaviour in Frame-Mode MPLS whereby at one Hop before (Pen-ultimate-Hop) the Egress LER (where the destination is connected or learnt from), the Top MPLS Label is Popped and only the IPv4 Packet in case of Plain MPLS Service or the VPNv4 packet with just one Label (VPN label) is sent to the Egress LER.
This helps save the double lookup on the Egress LER in case of IPv4 Traffic, i.e. once MPLS Lookup and then IPv4 Lookup.
Please read through some Cisco Documentations available online to understand the concept in detail.
One Such thread for your reference
https://supportforums.cisco.com/thread/250131
Hope this helps to understand PHP and the issue .
Regards
Varma
01-13-2012 09:51 AM
Mathieu, hello. I am running through similar exercises and testing different scenarios except with more routers. I observed that if you add the keyword "forwarded" to your "no mpls ip propagate-ttl" command that you are then able to successfully hide the MPLS structure from the customer routers. That is except for the last hop where the pop happens as Varma indicated.
If you were to add the keyword "local" instead you would then be able to achieve the reverse effect whereby you hide the MPLS structure from the LSRs but not the customer routers.
HTH,
Wil
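The TTL behaviour discussed in this thread, as an added example that is not part of any poster's message: a simplified Python model of IP and label TTL handling for transit traffic on a single LSP with PHP. The node names (PE1, P1, P2, PE2, CE2) are constructed, and the rules assumed are that the label TTL is set to 255 at imposition when propagation is off and that the IP TTL is left untouched when the label is popped.

```python
# Simplified model of IP/MPLS TTL handling on one LSP (plain IPv4, PHP on).
# Constructed topology: hypothetical names, not the routers from the thread.
CORE = ["PE1", "P1", "P2", "PE2"]   # ingress LER, transit LSRs, egress LER
DEST = "CE2"                        # customer router behind the egress LER


def probe(ip_ttl, propagate, core=CORE, dest=DEST):
    """Return the node that answers a probe sent with this IP TTL."""
    ingress, transit, egress = core[0], core[1:-1], core[-1]

    # Ingress LER: normal IP forwarding (decrement), then label imposition.
    ip_ttl -= 1
    if ip_ttl == 0:
        return ingress
    # Assumption: with propagation off the label starts at 255.
    label_ttl = ip_ttl if propagate else 255

    # Transit LSRs only look at the label TTL. The last one is the
    # penultimate hop: it pops the label and forwards a plain IP packet.
    for i, lsr in enumerate(transit):
        label_ttl -= 1
        if label_ttl == 0:
            return lsr
        if i == len(transit) - 1 and propagate:
            ip_ttl = min(ip_ttl, label_ttl)   # TTL copied back on pop

    # Egress LER receives unlabeled IP because of PHP and routes it as IP,
    # so the customer's IP TTL can expire here even with propagation off.
    ip_ttl -= 1
    if ip_ttl == 0:
        return egress
    return dest


def traceroute(propagate, max_ttl=10):
    """List the responders for TTL = 1, 2, ... until the destination."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        hops.append(probe(ttl, propagate))
        if hops[-1] == DEST:
            break
    return hops


if __name__ == "__main__":
    print("propagate-ttl on :", traceroute(True))
    print("propagate-ttl off:", traceroute(False))
```

In this model, turning propagation off hides P1 and P2 but still leaves three responders (ingress LER, egress LER, destination), the same shape as the three-hop traceroute in the first post.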