Solved: prevent traceroute from getting label information ?

mohammed hashim · ‎03-25-2016

hi,

when CE traceroute to another CE, it gets to know all label information inside MPLS ?

is there a way to prevent this so if the CE traceroute another VPN site, PE-PE information will be hidden !!?

?

Peter Paluch · ‎03-25-2016

Hi Mohammed,

You can configure the following command on PE routers:

no mpls ip propagate-ttl

This will prevent PE routers from copying the TTL value of the incoming IP packet into the TTL field of the MPLS label, and instead, they will always set the label TTL to 255. This way, your traceroute packets will not expire on internal P routers, and so the information about the provider's infrastructure and its labels will be hidden.

Best regards,
Peter

View solution in original post

Peter Paluch · ‎03-25-2016

Hi Mohammed,

You can configure the following command on PE routers:

no mpls ip propagate-ttl

This will prevent PE routers from copying the TTL value of the incoming IP packet into the TTL field of the MPLS label, and instead, they will always set the label TTL to 255. This way, your traceroute packets will not expire on internal P routers, and so the information about the provider's infrastructure and its labels will be hidden.

Best regards,
Peter

mohammed hashim · ‎03-25-2016

thanks peter.