Solved: MPLS Traceroute not showing all hops

Spinovski · ‎01-03-2022

Hello,

I work with an MPLS service provider, we have this weird this with our Cisco routers, when the client does a traceroute from their Site-A to Site-B and also do the opposite, they get difference results, always missing 2 hops. The client thinks there is a routing issue but in fact it's not, the traffic is going through but why certain hops are not displayed ?

More details here:

Traceroute from Site A core switch to Site B core switch "10.10.20.1" that is connected to internal LAN (missing 2 hops, which are PE next to CE-Site-B and CE-Site-B WAN IP), this is weid because usually when a router doesn't respond to ICMP request the sender router is supposed to display Asterisk ( ************) that means no response.

CoreSW-Site-A#traceroute 10.10.20.1

Type escape sequence to abort.
Tracing the route to 10.10.20.1

1 172.16.9.5 0 msec 0 msec 0 msec <===== CE-Site-A LAN interface
2 172.31.122.189 4 msec 4 msec 0 msec <==== PE next to CE-Site-A 
3 172.16.254.1 4 msec * 0 msec <=====Client equipment connected to CE-Site-B LAN interface

Traceroute from Site B core switch to Site A core switch "10.11.1.1" that is connected to internal LAN (this is correct, it shows all 5 hops)

CoreSW-CE-Site-B#trace 10.11.1.1

Type escape sequence to abort.
Tracing the route to 10.11.1.1

1 172.16.254.2 0 msec 4 msec 0 msec <====== CE-Site-B LAN interface "ASR-920" 
2 172.31.122.237 0 msec 0 msec 4 msec <======PE next to CE-Site-B  "ASR-903"
3 172.31.122.189 0 msec 4 msec 4 msec <======PE next to CE-Site-A
4 172.31.122.190 4 msec 4 msec 0 msec <======== CE-Site-A WAN interface
5 172.16.9.2 4 msec * 0 msec <====== Client equipment connected to CE-Site-A LAN interface

Two other tests done directly from our CEs:

Traceroute from CE-Site-A LAN interface to CE-Site-B LAN interface (Shows only 2 hops, missing PE next to Site-B router "172.31.122.237"

CE-Site-A#trace 172.16.254.2 source g0/0/1
Type escape sequence to abort.
Tracing the route to 172.16.254.2
VRF info: (vrf in name/id, vrf out name/id)

1 172.31.122.189 2 msec 3 msec 2 msec <===== PE next to Site-A router 
2 172.31.122.238 [AS 22652] 5 msec * 7 msec  <======= CE-Site-A WAN interface

Traceroute from CE-Site-B router LAN interface to CE-Site-A LAN interface ( Shows 3 hops which is correct )

CE-Site-B#trace 172.16.9.5 source te0/0/3
Type escape sequence to abort.
Tracing the route to 172.16.9.5
VRF info: (vrf in name/id, vrf out name/id)

1 172.31.122.237 4 msec 0 msec 4 msec <====PE next to CE-Site-B 
2 172.31.122.189 [AS 22652] 24 msec 4 msec 4 msec <==== PE next to CE-Site-A 
3 172.31.122.190 [AS 22652] 4 msec * 4 msec <==== CE-Site-A WAN interface

Please note that there is no ACL neither on CEs or PEs, Any idea why this behaviour is happening ?

Thank you,

Amine

Spinovski · ‎01-03-2022

Hello Harold,

Indeed, this was related to mpls propapage-ttl, it was disabled on PE next Site-A, everything is fine now.

I appreciate your help !

View solution in original post

Harold Ritter · ‎01-03-2022

Hi @Spinovski ,

This is due to the PE directly connected to CE site A being configured to set the MPLS TTL to 255, rather than copying the incoming packet IP TTL to the MPLS TTL. This causes the core routers to be hidden from the traceroute. The other PE (directly connected to CE site B) seem to have default configuration, which is to copy IP TTL into the MPLS TTL.

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Spinovski · ‎01-03-2022

Hello Harold,

Indeed, this was related to mpls propapage-ttl, it was disabled on PE next Site-A, everything is fine now.

I appreciate your help !