MPLS OAM: how P router replies ICMP TTL exceed through VPN label

abhishekgarg658545708 · ‎05-07-2024

i created L3VPN senario to test MPLS VRF traceroute functionality

CE-1 (R1) 1.1.1.1

CE-2 (R6) 6.6.6.6

when i did traceroute from CE-1 to CE-2 , below output is getting , but my question is when R3(P) router receive the traceroute with ttl 1 so it will send ICMP ttl exceed towards PE-1 but how it send the icmp reply with VPN label because it don't know about the vpn routes

P router replies with MPLS VPN label 105 that is vpn local label of 1.1.1.1 VRF which is store in PE-1 so how P router knows about this label

##################################################################################

Router#traceroute ip 6.6.6.6 source 1.1.1.1
Type escape sequence to abort.
Tracing the route to 6.6.6.6
VRF info: (vrf in name/id, vrf out name/id)
1 172.1.1.1 16 msec 12 msec 0 msec
2 10.0.0.2 [MPLS: Labels 300/506 Exp 0] 96 msec 56 msec 68 msec
3 173.1.1.1 [AS 100] [MPLS: Label 506 Exp 0] 56 msec 44 msec 48 msec
4 173.1.1.2 [AS 100] 88 msec 96 msec *

#####################################################################################

PE-1 table

Router#sh mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
100 300 5.5.5.5/32 0 Fa0/0 10.0.0.2
102 Pop Label 3.3.3.3/32 112 Fa0/0 10.0.0.2
103 Pop Label 30.0.0.0/24 0 Fa0/0 10.0.0.2
104 303 40.0.0.0/24 0 Fa0/0 10.0.0.2
105 No Label 1.1.1.1/32[V] 9754 Fa2/0 172.1.1.2

##############################################################################

this is the P capture where ICMP reply comes with label 105 which is the local label of vrf 1.1.1.1

Harold Ritter · ‎05-07-2024

Hi @abhishekgarg658545708 ,

> but how it send the icmp reply with VPN label because it don't know about the vpn routes

The P router will use the label stack used by the received packet and use it to forward the packet to the destination CE (CE2), which will do a lookup for 1.1.1.1 in its routing table and forward it towards the source CE (CE1).

This process is explained in the following document:

https://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/200510-Trace-route-in-MPLS-network.html

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

MHM Cisco World · ‎05-07-2024

udp traceroute traffic
how many Label in traffic ? it must be two
P use upper Label to send ICMP not lower label

MHM

Harold Ritter · ‎05-07-2024

Hi @MHM Cisco World ,

Only one label is sed in this case, as the P is the PHR in the LSP so top label is popped.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

abhishekgarg658545708 · ‎05-07-2024

Hi Harold Ritter

still have doubt

when a customer trigger a traceroute from CE-1 devices then PE-1 will add two stack one is MPLS transport label to reach other PE and other one is VPN label used to reach CE-2 but when a P router recieves the traceroute with TTL value 1 , it will reply to PE-1 with ICMP TTL exceed message so now P router has to send packet to destination 1.1.1.1 that is the part of VPN (VRF) and P doesn't have information 1.1.1.1 so how it will send reply

but in my case P router using 1.1.1.1 local label for reply to PE-1 for ttl exceed message so question is how P router get to know about the 1.1.1.1 label

Harold Ritter · ‎05-07-2024

Hi @abhishekgarg658545708 ,

> but in my case P router using 1.1.1.1 local label for reply to PE-1 for ttl exceed message so question is how P router get to know about the 1.1.1.1 label

The P router doesn't need to know the label for 1.1.1.1. what you are seeing in the Wireshark output is the traffic back from CE2. CE2 performs a lookup for destination address 1.1.1.1 and forwards the packet to its PE. The egress PE (7206VXR5) performs a lookup for destination address 1.1.1.1 in the local VRF, imposes the label stack (IGP label + service label) and forward the packet to the P router. The P router pops the top label as it is a penultimate hop router and forward the packet to 7206VXR2.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

MHM Cisco World · ‎05-07-2024

You see Upper Label 1000
this use By P to send ICMP to PE inform him that the TTL is exceed
do same in you case
check the Upper Label you will see it in P and next hop is the PE (or egress interface toward PE)
that how P reply to TTL exceed even so the Lower Label is unknow to P

MHM

Harold Ritter · ‎05-07-2024

Hi @MHM Cisco World ,

The fact that you are seeing one or two labels depends on where you capture the packets. For the flow going from CE1 to CE2, if you capture the packets on the link between 7206VXR2 and the P, you will see two labels (IGP+service label). If you capture between the P and 7206VXR5, you will see only one label (service label) as the IGP label has already been popped at that point.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México