MPLS VPN Label in Traceroute

John Blakley
VIP Alumni

All,

I have mpls label propagation disabled on my PE routers (no mpls ip propagate-ttl), but I'm seeing the very last hop's label and can't figure out why. I attached a topology diagram. (8.8.8.8 is LO8 on R8 across the mpls network.)

R7#trace 8.8.8.8

Type escape sequence to abort.

Tracing the route to 8.8.8.8

  1 172.10.17.1 24 msec 20 msec 4 msec

  2 172.10.68.2 [AS 68] [MPLS: Label 26 Exp 0] 24 msec 40 msec 40 msec

  3 172.10.68.8 [AS 68] 28 msec 12 msec *

R7#

Thanks!

John

HTH, John *** Please rate all useful posts ***

milan.kulik
Level 10

Hi,

Looking at the

http://www.cisco.com/en/US/tech/tk436/tk428/technologies_tech_note09186a008020a42a.shtml

article, it might be some combination of

"R2 appends the label 47 (the incoming label that expired) to the ICMP message. It does not send the packet to R1 directly. Instead, it consults its label forwarding information base (LFIB) and finds it should use a label of 45 for packets received with a label of 47. It puts a label of 45 on the packet and sends the TTL-expired ICMP message to R3."

and the no mpls ip propagate-ttl configuration command.

Maybe penultimate hop popping takes some role, too?

In your diagram:

R1 and R6 are PEs?

172.10.68.2 is an IP address of R6 interface?

And you are tracing from R7 to 8.8.8.8 loopback on R8?

Or R8 is a PE? If yes, I could imagine R6 behaving the same way as R2 in the above example and copying the incoming label that expired to the ICMP message (due to the penultimate hop popping).

HTH,

Milan

Hey Milan,

In your diagram:

R1 and R6 are PEs?

Yes they are

172.10.68.2 is an IP address of R6 interface?

Yes it is

And you are tracing from R7 to 8.8.8.8 loopback on R8?

Yes I am

Or R8 is a PE?

R8 is a CE

I'm not sure why it's showing the last label. It could be an IOS issue because everything that I've read points to "no mpls ip propagate-ttl" only needing to be on the PE. I thought PHP was the default behavior in IOS?

Thanks!

John

HTH, John *** Please rate all useful posts ***

Hi John,

I suppose you are running MPLS VPNs probably?

So a stack of two MPLS labels is used in the backbone in fact?

In that case:

PHP working on R5 removes the first MPLS label.

But still the second label is sent in the packet to R6 PE router. (To distinguish the target VRF.)

I.e., R6 still receives an MPLS packet in fact. But possibly with the original TTL=1 already?

So R6 realizes an MPLS packet with TTL expired. It just knows the target VRF.

So it copies the incoming label to the ICMP message and forwards the ICMP message back to the source IP address based on the target VRF routing table (i.e., with the 172.10.68.2 source address).

Does this make sense?

BR,

Milan

John,

From your diagram, R5 does the PHP as R6 is the PE and it sends the label=3. So, R5 pops the outer label and sends the VPN label to R6 which carries the route-target. Since this is still a VPN label, R6 looks it up in its LFIB.

Now, technically, if the TTL and all were copied correctly, R6 should copy the TTL (251 in your case) from the MPLS header to the IP header and forward it on the Eth interface to R8.

But in your case, it looks like when the packet reaches R6 the TTL is 1 and R6 decrements the TTL and sends back the ICMP.

Since you are labbing this, I have labbed this and I don't see an issue. I guess it's probably the IOS or the simulator.

As you can see below, the first traceroute is without the "no mpls ip propagate-ttl" and the second one is with the command. You can see that it skips the P1 router in the topology and directly goes to the PE2. I can send you the configs if you like.

CE31A#traceroute 10.1.32.49 

Type escape sequence to abort.

Tracing the route to 10.1.32.49

  1 150.3.31.18 20 msec 24 msec 4 msec

  2 192.168.3.50 40 msec 16 msec 24 msec

  3 150.3.32.18 [AS 65001] 40 msec 36 msec 16 msec

  4 150.3.32.17 [AS 65001] 20 msec *  12 msec

With the "no mpls ip propagate-ttl":

CE31A#traceroute 10.1.32.49

Type escape sequence to abort.

Tracing the route to 10.1.32.49

  1 150.3.31.18 32 msec 24 msec 12 msec

  2 150.3.32.18 [AS 65001] 12 msec 28 msec 32 msec

  3 150.3.32.17 [AS 65001] 48 msec *  48 msec

CE31A#

Regards,

HTH

Thanks Kishore. I'm assuming that it's an IOS issue. Everything I've been reading says that I should really only be seeing 2 hops and not the 3 that I'm seeing. I'm going to update the IOS and see if that helps.

Thanks!

HTH, John *** Please rate all useful posts ***

I'm thinking it's more than an IOS issue. I have a version 4 builds behind my original and it's still doing it:

On PE-Rtr2:

R2(config)#do sh run | inc propa

no mpls ip propagate-ttl

R2(config)#

On PE-Rtr4:

R4#sh run | inc prop

no mpls ip propagate-ttl

R4#

I'm tracing from 5 to 1 with 2 and 4 being my PE routers and 3 my P router.

R5#trace 1.1.1.1

Type escape sequence to abort.

Tracing the route to 1.1.1.1

  1 10.1.45.4 16 msec 28 msec 4 msec

  2 10.1.12.2 [AS 234] [MPLS: Label 21 Exp 0] 12 msec 12 msec 16 msec

  3 10.1.12.1 [AS 234] 20 msec 44 msec *

R5#

This is on a whole new lab too (I've attached the diagram). Can you tell me what IOS you're using for your lab? I'd really like to see this work, and in theory it should be. I know that when I trace from one of my routers through our MPLS provider, I only see their PE and my end router with no labels so I know this is possible.

Thanks!

John

HTH, John *** Please rate all useful posts ***

I had this set up in my lab before and it worked as it should. I have not had a chance to replicate it for this post, but you may need to apply this to all routers in the MPLS network (CE, PE & P)? Anything not disabling propagation should show up, apart from the last hop due to PHP.

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi john,

The IOS I am using is c7200-jk9su2-mz.123-23.bin.

HTH

Kishore

That image works fine. I wonder what the difference is between that and the 3745? Either way, I can see it work now. The only problem is this:

With "no mpls ip propagate-ttl":

R1#trace 5.5.5.5

Type escape sequence to abort.

Tracing the route to 5.5.5.5

  1 172.1.12.2 32 msec 28 msec 20 msec

  2 172.1.45.4 [AS 45] 68 msec 64 msec 56 msec

  3 172.1.45.5 [AS 45] 80 msec *  80 msec

R1#

With "mpls ip propagate-ttl" enabled:

R1#trace 5.5.5.5

Type escape sequence to abort.

Tracing the route to 5.5.5.5

  1 172.1.12.2 40 msec 40 msec 20 msec

  2 10.1.23.3 72 msec 80 msec 80 msec

  3 172.1.45.4 [AS 45] 60 msec 60 msec 60 msec

  4 172.1.45.5 [AS 45] 88 msec *  104 msec

R1#

I don't see any labels in either of the traces, but I'm hiding my internal hops from the customer which is good. I wonder why the 3745 enables label reporting via traceroute and the 7200 series doesn't.

Thanks,

John

HTH, John *** Please rate all useful posts ***
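Added example, not part of the thread and not any poster's code: a small Python audit of Cisco IOS traceroute output that reports hops disclosing an MPLS label and lists the core addresses that only appear when TTL propagation is enabled. The sample traces are copied from the posts above; the function names are hypothetical, and the multi-label form `Labels a/b` handled by the parser is an assumption about IOS output that goes beyond what the thread shows.

```python
import re

# One hop line of IOS traceroute output, in the format quoted in the thread.
HOP_RE = re.compile(
    r"^\s*(?P<hop>\d+)\s+(?P<addr>\d{1,3}(?:\.\d{1,3}){3})"
    r"(?:\s+\[AS\s+(?P<asn>\d+)\])?"
    r"(?:\s+\[MPLS:\s*(?P<mpls>[^\]]+)\])?"
)
# "Label 26 Exp 0" as on the page; "Labels 16/22 Exp 0" is an assumed stack form.
LABEL_RE = re.compile(r"Labels?\s+(?P<labels>\d+(?:/\d+)*)\s+Exp\s+(?P<exp>\d+)")

def parse_trace(text):
    """Return one dict per hop; prompts, banners and blank lines are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        labels, exp = [], None
        lm = LABEL_RE.search(m.group("mpls") or "")
        if lm:
            labels = [int(x) for x in lm.group("labels").split("/")]
            exp = int(lm.group("exp"))
        hops.append({"hop": int(m.group("hop")), "addr": m.group("addr"),
                     "asn": int(m.group("asn")) if m.group("asn") else None,
                     "labels": labels, "exp": exp})
    return hops

def label_leaks(text):
    """Hops whose ICMP reply disclosed an MPLS label to the traceroute source."""
    return [(h["hop"], h["addr"], h["labels"]) for h in parse_trace(text) if h["labels"]]

def hops_hidden(trace_propagate, trace_no_propagate):
    """Addresses seen only with propagation on, i.e. what the setting hides."""
    visible = {h["addr"] for h in parse_trace(trace_no_propagate)}
    return [h["addr"] for h in parse_trace(trace_propagate) if h["addr"] not in visible]

# Sample input copied from the thread.
TRACE_3745 = """R7#trace 8.8.8.8
Tracing the route to 8.8.8.8
  1 172.10.17.1 24 msec 20 msec 4 msec
  2 172.10.68.2 [AS 68] [MPLS: Label 26 Exp 0] 24 msec 40 msec 40 msec
  3 172.10.68.8 [AS 68] 28 msec 12 msec *
"""
TRACE_NO_PROPAGATE = """  1 172.1.12.2 32 msec 28 msec 20 msec
  2 172.1.45.4 [AS 45] 68 msec 64 msec 56 msec
  3 172.1.45.5 [AS 45] 80 msec *  80 msec
"""
TRACE_PROPAGATE = """  1 172.1.12.2 40 msec 40 msec 20 msec
  2 10.1.23.3 72 msec 80 msec 80 msec
  3 172.1.45.4 [AS 45] 60 msec 60 msec 60 msec
  4 172.1.45.5 [AS 45] 88 msec *  104 msec
"""

if __name__ == "__main__":
    print("label leaks:", label_leaks(TRACE_3745))
    print("hidden by no propagate-ttl:", hops_hidden(TRACE_PROPAGATE, TRACE_NO_PROPAGATE))
```
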