
how to hide trace route layer 3 hop?

Vinayaka Raman
Level 1

My set up is MPLS router--- Internet edge-------ISP

 

I am advertising a public IP prefix from MPLS to the internet edge and then to the ISP.

When I trace route from the internet to the public prefix I advertised, I am seeing the MPLS private IP, which is expected.

Basically I wanted to hide this from the trace route results, i.e., when the user tries to trace route to the public IP from the internet he should NOT see the private IP at all. "no icmp unreachable" might give a * result in the trace route last hop, but I wanted to hide it. Is it possible?

Regards Vinayak

Richard Burts
Hall of Fame

Perhaps I am not understanding what you mean when you say you want to hide the trace route response. I would have thought that no icmp unreachable would have given the result you want because no one would see the IP address. If what you mean when you say hide is that there should be no indication of response at all then this is not possible. Trace route is based on sending IP packets and manipulating the Time To Live. When your router receives the trace route packet with TTL of 1 it will decrement the TTL and drop the packet.  Even if it sends no response (which is what no icmp unreachable does) the sender will record that hop as *. There is no way to prevent it. Either your router sends a response (and the sender sees an IP address) or it sends no response and the sender reports *. There is no other way to do it.

 

HTH

 

Rick


milan.kulik
Level 10

Hi,

I'm not sure if it fits this particular case. But as you mentioned your MPLS router: there is a general way to hide your MPLS infrastructure from traceroute output, the no mpls ip propagate-ttl command.

See http://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/26585-mpls-traceroute.html for details.

Best regards,

Milan

Ashok Kumar
Cisco Employee

Hi,

Traceroute takes into account the TTL value, be it an MPLS packet or an IP packet.

On the edge of the IP & MPLS network, the TTL field gets copied from one to another and the traceroute works properly. But "no mpls ip propagate-ttl" can disable this automatic copying of the TTL value field. Hence, your traceroute will drop on the edge/boundary; this is generally done by ISPs to hide their IP addresses from the traceroute path.

 

mpls ip propagate-ttl

To control the generation of the time-to-live (TTL) field in the Multiprotocol Label Switching (MPLS) header when labels are first added to an IP packet, use the mpls ip propagate-ttl command in global configuration mode. To use a fixed TTL value (255) for the first label of the IP packet, use the no form of this command.

mpls ip propagate-ttl

no mpls ip propagate-ttl [forwarded | local]

 

The Traceroute Command in MPLS

http://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/26585-mpls-traceroute.html


- Ashok


 

As I understand it the command no mpls ip propagate-ttl will hide the address as the packet flows through the MPLS network. But as I understand it the original poster wants to hide the address of the router that is the edge of the MPLS network. I do not believe that this command will hide the address on the router at the edge of MPLS, it only hides the response as the packet goes through the MPLS network.

 

HTH

 

Rick
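
The behaviour discussed in this thread, as an added example that is not part of any reply: a simplified Python model of what a traceroute sender records with the default `mpls ip propagate-ttl`, with `no mpls ip propagate-ttl`, and when a hop sends no reply. The addresses, the `PATH` layout and the function names are constructed for illustration, and the TTL handling at label pop is reduced to a copy-back at the far-side edge router (an assumption of this model).

```python
# Constructed path modelled on the thread's topology; all addresses are sample values.
PATH = [
    ("198.51.100.1", "ip"),       # ISP router
    ("203.0.113.1",  "ip"),       # Internet edge
    ("10.0.0.1",     "ingress"),  # MPLS edge router (imposes the label)
    ("10.0.0.2",     "lsr"),      # MPLS core
    ("10.0.0.3",     "lsr"),      # MPLS core
    ("10.0.0.4",     "egress"),   # far-side MPLS edge
    ("203.0.113.50", "dest"),     # host in the advertised public prefix
]

def expires_at(path, probe_ttl, propagate_ttl):
    """Return the address where a probe sent with this IP TTL stops."""
    ip_ttl, label_ttl = probe_ttl, None
    for addr, role in path:
        if role == "dest":
            return addr
        if role == "lsr":
            label_ttl -= 1                     # core routers only touch the label TTL
            if label_ttl == 0:
                return addr
            continue
        if role == "egress" and propagate_ttl:
            ip_ttl = min(ip_ttl, label_ttl)    # label TTL copied back at pop (simplified)
        ip_ttl -= 1
        if ip_ttl == 0:
            return addr
        if role == "ingress":                  # copy the IP TTL, or fixed 255 with the no form
            label_ttl = ip_ttl if propagate_ttl else 255
    return None

def traceroute(path, propagate_ttl=True, silent=()):
    """Hop list as the sender records it; '*' marks a hop that sends no reply."""
    hops = []
    for ttl in range(1, len(path) + 1):
        addr = expires_at(path, ttl, propagate_ttl)
        hops.append("*" if addr in silent else addr)
        if addr == path[-1][0]:
            break
    return hops

if __name__ == "__main__":
    print(traceroute(PATH))                                          # every router listed
    print(traceroute(PATH, propagate_ttl=False))                     # core hidden, edges remain
    print(traceroute(PATH, propagate_ttl=False, silent={"10.0.0.1"}))  # edge shows as '*'
```

In this model the core routers disappear from the hop list once TTL propagation is off, while the MPLS edge router still occupies a hop: it shows either its address or `*`, never nothing.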
