mpls ip propagate-ttl

hasmurizal
Level 1

Hi all,

Should I use mpls ip propagate-ttl "forwarded" or "local" if I want to hide the traceroute result in the PE cloud?

Meaning, only the LAN/CE traceroute and the internet GW will be shown, and any PE router will be hidden. Please advise.

1 Accepted Solution

Accepted Solutions

marikakis
Level 7

Hello,

I would say that you need the "forwarded" option, but it is not clear to me if you intend the traceroute result to be hidden for customer-initiated traceroutes only.

Please have a look at the following "mpls ip propagate-ttl" documentation, which at the end includes traceroute examples for every possible configured option:

http://www.cisco.com/en/US/docs/ios/12_0st/12_0st14/feature/guide/rtr_14st.html#wp1067919

Kind Regards,

M.

16 Replies

lejoe.thomas
Level 3

Hasmurizal

To configure the PE (ingress E-LSR) to disable TTL propagation for forwarded packets (packets received from the customer (CE)), preventing the customer from learning IP addresses in the MPLS cloud, use

no mpls ip propagate-ttl forwarded

Likewise, if you wish to disable traceroute results for packets originating from the PE itself, use

no mpls ip propagate-ttl local

HTH

Lejoe

Hi M,

Thank you for the documentation given. I have tested by executing "mpls ip propagate-ttl" with "no mpls ip propagate-ttl local" and I believe I'm able to achieve my target.

But I still need to discuss further in terms of security, as I'm able to see my P router (VLAN int before firewall). Anyway, thanks.

Hello,

Disabling "local" TTL propagation on a PE will hide the network structure in traceroute issued from that PE. The "local" option might be useful when troubleshooting broken LSP issues (enabling/disabling it on a PE). The "forward" option is the most common. Have you tested the "local" option with traceroute from various devices? Note that in the very last example of the documentation, the only reason for the IP address 1.0.0.4 not showing in the output is because it is an address of PE1 and trace is issued from PE1.

While looking at the diagram in your initial post, I can't decide which one is the P router you mentioned earlier. Are you referring to a router within the MPLS cloud not actually shown in the diagram? Or did you mean the PE connected to the firewall at the edge? If you would like to discuss this further, it would be useful if you could provide more details about your setup (which device connects to what, which interfaces have MPLS enabled) and traceroute output (indicating from which device it was initiated and which part of the output is an issue for you).

Kind Regards,

M.
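
A simplified model of the "forwarded" versus "local" behaviour discussed in this thread, added here as an example and not part of any poster's reply or Cisco's code. Assumptions: a constructed topology CE1 - PE1 - P1 - P2 - PE2 - CE2, a single label, no penultimate-hop popping, and an egress that takes the smaller of the IP and label TTL before decrementing.

```python
# Simplified TTL model (assumed, not vendor code): LSP PE1 -> P1 -> P2 -> PE2.
CORE = ["P1", "P2"]                      # label-switching hops between the PEs
INGRESS, EGRESS, DEST = "PE1", "PE2", "CE2"


def probe(ttl, source, propagate_forwarded, propagate_local):
    """Return the node that answers a probe sent with this initial IP TTL."""
    ip_ttl = ttl
    if source == "CE1":
        # Forwarded traffic: the ingress PE routes the packet, so it decrements.
        ip_ttl -= 1
        if ip_ttl == 0:
            return INGRESS
        copy = propagate_forwarded
    else:
        # Traffic generated on PE1 itself is governed by the "local" setting.
        copy = propagate_local
    # Label imposition: copy the IP TTL into the label, or start at 255.
    label_ttl = ip_ttl if copy else 255
    for p_router in CORE:
        label_ttl -= 1
        if label_ttl == 0:
            return p_router              # TTL expired inside the core
    # Egress pop: keep the smaller TTL, then account for the egress hop.
    ip_ttl = min(ip_ttl, label_ttl) - 1
    return EGRESS if ip_ttl <= 0 else DEST


def traceroute(source, propagate_forwarded=True, propagate_local=True, max_ttl=30):
    """List the hops a traceroute from `source` to CE2 would display."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        hop = probe(ttl, source, propagate_forwarded, propagate_local)
        hops.append(hop)
        if hop == DEST:
            break
    return hops


if __name__ == "__main__":
    for src, fwd, loc in [("CE1", True, True), ("CE1", False, True),
                          ("PE1", False, True), ("PE1", True, False)]:
        print(f"{src} forwarded={fwd} local={loc}:", traceroute(src, fwd, loc))
```

In this model, disabling only "forwarded" hides the P routers from the customer while a trace from PE1 still lists them; disabling "local" collapses the core for traces issued on PE1.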

Hi,

Do you know how to disable the forward option in the case of IOS-XR?

I see the below in IOS-XR:

IOS: no tag-switching ip propagate-ttl forwarded

IOS-XR: mpls ip-ttl-propagate disable

The difference is the keyword "forwarded". So if you start the traceroute from an IOS-XR PE router, all hops are hidden too.

Regards,

Chintan

Hi Chintan,

I do not fully understand your question. Could you kindly explain a little further?

Hi,

We have our standard config "no tag-switching ip propagate-ttl forwarded" so that we can see all core routers when we do a traceroute from the PE.

But now when we look at IOS-XR, it has the CLI "mpls ip-ttl-propagate disable" with no option for local or forwarded. So my question was: we can't do a traceroute from the PE (IOS-XR), I mean all of the core will still be hidden... Is there any alternative way?

Regards,

Chintan

Chintan,

The behavior is applied equally to the forwarded and locally generated traffic when you use this command.

You should use the MPLS traceroute functionality instead when tracing connectivity in your MPLS core.

traceroute mpls ipv4

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)

Hi,

Is this also true when I am tracing connectivity to the customer CPE from the PE?

Regards,

Chintan

Dear Chintan

Not sure, but you might check this documentation.

http://www.cisco.com/en/US/docs/ios/12_0st/12_0st14/feature/guide/rtr_14st.html#wp1067919

I am looking for IOS-XR with the same feature as IOS for TTL propagation disabled, if any.

Chintan

In this case I would suggest you open a new thread. Specify all your info and scenarios, and ask any experts out there who could help you.

Hi,

I tried to run the CLI traceroute mpls ipv4 on an IOS-XR router; it gives me the below error asking to enable MPLS OAM capability.

RP/0/RP0/CPU0:R1.LAB#traceroute mpls ipv4 10.74.90.0/32

% MPLS Embedded Management Subsystem is not running.

To enable, use 'mpls oam' global config command.

RP/0/RP0/CPU0:R1.LAB#

Regards,

Chintan

Hi Chintan,

Please open another thread.
