cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

269
Views
20
Helpful
4
Replies
Highlighted
Beginner

Traceroute through VRF/L3VPN

Hello!

 

I work for a mid-sized ISP and we have an MPLS core consisting of ASR9K, ASR903, and ASR920 devices. We use OSPF and LDP. Currently, we have a VRF for internet traffic, which uses a L3VPN and BGP to get around our network. Our edge connections are also in a VRF using the same principles. This works great, however, customers are seeing default table hops in their traceroutes to the internet through our L3VPNs. I would like to know if there is a way to limit this visibility to hops in the VRF. I found some useful info on TTL propagation, but it seems that the "no mpls propogate-ttl" command is unavailable on our ASR900 devices. We are running 16.9.3 currently. Is this the correct command to fix this issue? If not, does anyone know a workaround? Thank you in advance for your help!

Everyone's tags (7)
1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Expert

Re: Traceroute through VRF/L3VPN

Hello Matt,

your understanding is correct

the command

no mpls propagate-ttl

is the right tool to avoid to expose ISP router hops in global routing table to the customers when they perform a traceroute.

It is strange that ASR 900 does not support it.

 

Hope to help

Giuseppe

 

4 REPLIES 4
Hall of Fame Expert

Re: Traceroute through VRF/L3VPN

Hello Matt,

your understanding is correct

the command

no mpls propagate-ttl

is the right tool to avoid to expose ISP router hops in global routing table to the customers when they perform a traceroute.

It is strange that ASR 900 does not support it.

 

Hope to help

Giuseppe

 

Beginner

Re: Traceroute through VRF/L3VPN

Upon further inspection, the command on the ASR900 devices with 16.X is:

 

no mpls ip propagate-ttl

 

The IP got me....yet again...

 

Thank you very much for the reply! Your response caused me to look deeper to find the solution!

Cisco Employee

Re: Traceroute through VRF/L3VPN

The right syntax on IOS-XE should be “no mpls ip propagate-ttl”.
Could you try and see if it works
Cisco Employee

Re: Traceroute through VRF/L3VPN

Hi Matt,

The commands are:

IOS/IOS-XE - "no mpls ip ttl-propagate"

IOS-XR - "mpls ip ttl-propagate disable"

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards