05-07-2024 09:24 AM - edited 05-07-2024 09:34 AM
I created an L3VPN scenario to test MPLS VRF traceroute functionality.
CE-1 (R1) 1.1.1.1
CE-2 (R6) 6.6.6.6
When I did a traceroute from CE-1 to CE-2, I got the output below. My question is: when the R3 (P) router receives the traceroute packet with TTL 1, it will send an ICMP TTL exceeded towards PE-1, but how does it send the ICMP reply with the VPN label when it doesn't know about the VPN routes?
The P router replies with MPLS VPN label 105, which is the VPN local label of the 1.1.1.1 VRF that is stored in PE-1, so how does the P router know about this label?
##################################################################################
Router#traceroute ip 6.6.6.6 source 1.1.1.1
Type escape sequence to abort.
Tracing the route to 6.6.6.6
VRF info: (vrf in name/id, vrf out name/id)
1 172.1.1.1 16 msec 12 msec 0 msec
2 10.0.0.2 [MPLS: Labels 300/506 Exp 0] 96 msec 56 msec 68 msec
3 173.1.1.1 [AS 100] [MPLS: Label 506 Exp 0] 56 msec 44 msec 48 msec
4 173.1.1.2 [AS 100] 88 msec 96 msec *
#####################################################################################
PE-1 table
Router#sh mpls forwarding-table
Local   Outgoing    Prefix            Bytes Label   Outgoing    Next Hop
Label   Label       or Tunnel Id      Switched      interface
100     300         5.5.5.5/32        0             Fa0/0       10.0.0.2
102     Pop Label   3.3.3.3/32        112           Fa0/0       10.0.0.2
103     Pop Label   30.0.0.0/24       0             Fa0/0       10.0.0.2
104     303         40.0.0.0/24       0             Fa0/0       10.0.0.2
105     No Label    1.1.1.1/32[V]     9754          Fa2/0       172.1.1.2
##############################################################################
This is the P capture where the ICMP reply comes with label 105, which is the local label of VRF 1.1.1.1.
05-07-2024 09:32 AM - edited 05-07-2024 09:39 AM
> but how does it send the ICMP reply with the VPN label when it doesn't know about the VPN routes
The P router will use the label stack used by the received packet and use it to forward the packet to the destination CE (CE2), which will do a lookup for 1.1.1.1 in its routing table and forward it towards the source CE (CE1).
This process is explained in the following document:
Regards,
05-07-2024 09:50 AM
UDP traceroute traffic:
how many labels are in the traffic? It must be two.
P uses the upper label to send ICMP, not the lower label.
MHM
05-07-2024 09:59 AM
Hi @MHM Cisco World ,
Only one label is used in this case, as the P is the PHR in the LSP, so the top label is popped.
Regards,
05-07-2024 09:54 AM
I still have a doubt.
When a customer triggers a traceroute from the CE-1 device, PE-1 will add two labels to the stack: one is the MPLS transport label to reach the other PE, and the other is the VPN label used to reach CE-2. But when a P router receives the traceroute with TTL value 1, it will reply to PE-1 with an ICMP TTL exceeded message, so now the P router has to send a packet to destination 1.1.1.1, which is part of the VPN (VRF), and P doesn't have information about 1.1.1.1, so how will it send the reply?
But in my case the P router is using the 1.1.1.1 local label to reply to PE-1 for the TTL exceeded message, so the question is how the P router gets to know about the 1.1.1.1 label.
05-07-2024 10:10 AM
> But in my case the P router is using the 1.1.1.1 local label to reply to PE-1 for the TTL exceeded message, so the question is how the P router gets to know about the 1.1.1.1 label
The P router doesn't need to know the label for 1.1.1.1. What you are seeing in the Wireshark output is the traffic back from CE2. CE2 performs a lookup for destination address 1.1.1.1 and forwards the packet to its PE. The egress PE (7206VXR5) performs a lookup for destination address 1.1.1.1 in the local VRF, imposes the label stack (IGP label + service label) and forwards the packet to the P router. The P router pops the top label, as it is a penultimate hop router, and forwards the packet to 7206VXR2.
Regards,
05-07-2024 10:11 AM - edited 05-07-2024 10:13 AM
You see upper label 1000.
This is used by P to send ICMP to the PE to inform it that the TTL is exceeded.
Do the same in your case:
check the upper label; you will see it in P, and the next hop is the PE (or the egress interface toward the PE).
That is how P replies to TTL exceeded even though the lower label is unknown to P.
MHM
05-07-2024 10:17 AM
Hi @MHM Cisco World ,
The fact that you are seeing one or two labels depends on where you capture the packets. For the flow going from CE1 to CE2, if you capture the packets on the link between 7206VXR2 and the P, you will see two labels (IGP+service label). If you capture between the P and 7206VXR5, you will see only one label (service label) as the IGP label has already been popped at that point.
Regards,
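
The return path described in the replies above, as an added example that is not part of the original thread: a small label-forwarding walk showing that P only ever looks at the top label, while label 105 is imposed by the egress PE. Labels 300, 506 and 105 are taken from the outputs in the first post; the return transport label `RET_IGP` and the node names `PE-2`/`CE-2` are constructed assumptions.

```python
# Added illustration, not from the thread. Labels 300, 506 and 105 come from
# the page; RET_IGP and the PE-2/CE-2 node names are constructed assumptions.
RET_IGP = 9001  # constructed: PE-2's transport label toward PE-1

# Label forwarding tables: router -> {top label: next hop}. Every entry here
# pops the top label (PHP on P, VPN label disposition on the PEs).
LFIB = {
    "P":    {300: "PE-2", RET_IGP: "PE-1"},
    "PE-2": {506: "CE-2"},
    "PE-1": {105: "CE-1"},
}
# VRF routes on the PEs: destination -> (label stack to impose, next hop).
VRF = {
    "PE-1": {"6.6.6.6": ([300, 506], "P")},
    "PE-2": {"1.1.1.1": ([RET_IGP, 105], "P")},
}
CE_UPLINK = {"CE-1": "PE-1", "CE-2": "PE-2"}   # each CE routes via its PE
OWNER = {"1.1.1.1": "CE-1", "6.6.6.6": "CE-2"}


def walk(node, dst, stack):
    """Forward hop by hop; return (from, to, labels on the wire, lookup used)."""
    trace, stack = [], list(stack)
    while node != OWNER[dst]:
        if stack:                     # labelled: LFIB lookup on the top label only
            nxt, stack, how = LFIB[node][stack[0]], stack[1:], "label"
        elif node in VRF:             # unlabelled at a PE: VRF lookup, then impose
            (labels, nxt), how = VRF[node][dst], "vrf"
            stack = list(labels)
        else:                         # CE: ordinary IP routing
            nxt, how = CE_UPLINK[node], "ip"
        trace.append((node, nxt, tuple(stack), how))
        node = nxt
    return trace


def icmp_ttl_exceeded_from_p():
    # P builds the ICMP message addressed to 1.1.1.1 and puts the label stack
    # of the expired packet back on, so it continues along the original LSP.
    return walk("P", "1.1.1.1", [300, 506])


if __name__ == "__main__":
    for hop in icmp_ttl_exceeded_from_p():
        print(hop)
```
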