Disabling TTL in MPLS

Apr 22nd, 2008

I am working with a service provider's network. They want to get TTL disabled for the purpose of TRACEROUTING to be more visible, meaning that when tracerouting is done, it should show the IP address where it is dropping the packet. Should I use the no propagate ttl command or something else? What will be the impact on the network if I do this?


Please suggest.

mlund Tue, 04/22/2008 - 04:36

Hi

TTL propagation is on by default on Cisco routers doing MPLS. This means they copy the TTL value from the IP packet, insert the value in the MPLS header decremented by 1, and send the packet. If you want to turn that off, then use no mpls ip propagate-ttl. The drawback of having TTL propagate is that the network is visible to the customer (good or bad, I'm not sure). The ICMP ttl-expired message has to be handled by the CPU, thus making it a security vulnerability. This is what comes to my mind. Here is a link that explains it a little bit more.

http://www.cisco.com/en/US/tech/tk436/tk428/technologies_tech_note09186a008020a42a.shtml


/Mikael
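
An added illustration, not part of the reply above and not Cisco's code: a simplified Python model of what a customer traceroute reports across an MPLS core with TTL propagation on and off. The router names and topology are constructed, and the model assumes a single label, no penultimate-hop popping, and that the whole LSP counts as one IP hop when propagation is off.

```python
# Simplified model of TTL handling across an MPLS LSP (constructed example).
# Assumptions: one label, no penultimate-hop popping, hypothetical router names.

PATH = [("CE1", "ip"), ("PE1", "ingress"), ("P1", "p"),
        ("P2", "p"), ("PE2", "egress"), ("CE2", "ip")]  # constructed topology

def probe(path, ip_ttl, propagate):
    """Return the router where a probe with this IP TTL expires, or None."""
    label_ttl = None
    for name, role in path:
        if role in ("ip", "ingress"):
            ip_ttl -= 1                      # ordinary IP forwarding
            if ip_ttl <= 0:
                return name
            if role == "ingress":            # label imposition
                label_ttl = ip_ttl if propagate else 255
        elif role == "p":
            label_ttl -= 1                   # only the label TTL changes
            if label_ttl <= 0:
                return name                  # P router must build the ICMP reply
        elif role == "egress":
            label_ttl -= 1
            if propagate:
                ip_ttl = min(ip_ttl, label_ttl)   # copy label TTL back on pop
            else:
                ip_ttl -= 1                  # LSP counted as a single IP hop
            if ip_ttl <= 0:
                return name
    return None                              # probe reached the destination

def traceroute(path, propagate, max_ttl=30):
    """List the routers that answer with TTL-expired, in hop order."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        hop = probe(path, ttl, propagate)
        if hop is None:
            break
        hops.append(hop)
    return hops

def core_exposed(path, propagate):
    """Core (P) routers that show up in the customer's traceroute."""
    core = {name for name, role in path if role == "p"}
    return [h for h in traceroute(path, propagate) if h in core]

if __name__ == "__main__":
    for mode in (True, False):
        print("propagate-ttl" if mode else "no propagate-ttl",
              traceroute(PATH, mode), "core visible:", core_exposed(PATH, mode))
```

With propagation on, every P router appears as a hop and has to generate the TTL-expired reply itself; with it off, the probe's label TTL starts at 255 and the core routers never answer.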

svermill Tue, 04/22/2008 - 06:36

I think the first question for you to address is whether or not the service provider wants TTL/traceroute enabled for their clients or for their own internal management VLAN/network?


There are many nuances to traceroute in an MPLS backbone, so consider reading up on all of the details before you implement any changes. Unfortunately, all of my references would be books vs. links, and I'm on the road and do not have access to my library at the moment. Most general-purpose MPLS books cover this topic in varying degrees of detail and no doubt the link given above has lots of good stuff...

