Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2359
Views
20
Helpful
4
Replies

Traceroute through VRF/L3VPN

Go to solution
matt.malott
Level 1
Level 1

‎08-06-2019 07:15 AM

Hello!

 

I work for a mid-sized ISP and we have an MPLS core consisting of ASR9K, ASR903, and ASR920 devices. We use OSPF and LDP. Currently, we have a VRF for internet traffic, which uses a L3VPN and BGP to get around our network. Our edge connections are also in a VRF using the same principles. This works great, however, customers are seeing default table hops in their traceroutes to the internet through our L3VPNs. I would like to know if there is a way to limit this visibility to hops in the VRF. I found some useful info on TTL propagation, but it seems that the "no mpls propogate-ttl" command is unavailable on our ASR900 devices. We are running 16.9.3 currently. Is this the correct command to fix this issue? If not, does anyone know a workaround? Thank you in advance for your help!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎08-06-2019 07:34 AM

Hello Matt,

your understanding is correct

the command

no mpls propagate-ttl

is the right tool to avoid to expose ISP router hops in global routing table to the customers when they perform a traceroute.

It is strange that ASR 900 does not support it.

 

Hope to help

Giuseppe

 

View solution in original post

4 Replies 4

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎08-06-2019 07:34 AM

Hello Matt,

your understanding is correct

the command

no mpls propagate-ttl

is the right tool to avoid to expose ISP router hops in global routing table to the customers when they perform a traceroute.

It is strange that ASR 900 does not support it.

 

Hope to help

Giuseppe

 

Go to solution
matt.malott
Level 1
Level 1
In response to Giuseppe Larosa

‎08-06-2019 09:37 AM

Upon further inspection, the command on the ASR900 devices with 16.X is:

 

no mpls ip propagate-ttl

 

The IP got me....yet again...

 

Thank you very much for the reply! Your response caused me to look deeper to find the solution!

0 Helpful

Go to solution
Ashish Panda
Cisco Employee
Cisco Employee

‎08-06-2019 06:26 PM

The right syntax on IOS-XE should be “no mpls ip propagate-ttl”.
Could you try and see if it works

Go to solution
LaloRam
Cisco Employee
Cisco Employee

‎08-10-2019 07:16 PM - edited ‎08-10-2019 07:17 PM

Hi Matt,

The commands are:

IOS/IOS-XE - "no mpls ip ttl-propagate"

IOS-XR - "mpls ip ttl-propagate disable"

Customers Also Viewed These Support Documents