Trace route from HQ CE to branch CE didn't show the Bracnh PE ip address

Answered Question
Feb 6th, 2009
User Badges:

I trace route from HQ to 2 branches, Branch 1 and Branch 2, it is going through the mpls could. Branch 1 didn't show the branch PE ip address but Branch 2 did. Any idea why this is happen?


HQ#trace x.x.x.110 --> Branch 1

Type escape sequence to abort.

Tracing the route to x.x.x.110

1 x.x.x.121 12 msec 12 msec 12 msec -> HQ PE

2 x.x.x.110 32 msec 96 msec * ->Branch CE



HQ#trace x.x.x.254 -- branch2

Type escape sequence to abort.


Tracing the route to x.x.x.254

1 x.x.x.121 12 msec 12 msec 12 msec ->HQ PE

2 x.x.x.253 36 msec 36 msec 36 msec ->Branch PE

3 x.x.x.254 48 msec 92 msec * ->Branch CE

Correct Answer by Giuseppe Larosa about 8 years 4 months ago

Hello Guo,

an MPLS service provider has faculty to show or hide the intermediate router hops in a traceroute started by a customer.


There is a specific command for this


mpls ip propagate-ttl


with some options


Probably your SP hasn't a coherent configuration of this in all of these routers PE nodes and from this comes the different behaviour of the two traceroutes.


By the way the real number of service providers nodes is hidden also by the fact you are probably inside a L3 VPN service.


So the command described above has effects only on exit PE.


I mean between HQ PE and Branch PE there can be one or more devices that perform MPLS switching.


So in any case your result doesn't reflect the real path.


In fact, the tracerouter works by sending probes with increasing TTL.


However once TTL=2 the packet travels up to the exit PE devices in the middle don't process it if the MPLS TTL is not a copy of the carried packet.

the exit PE can appear on the traceroute or not depending on the settings of ip mpls propagate-ttl


Hope to help

Giuseppe


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
johnlloyd_13 Fri, 02/06/2009 - 23:54
User Badges:
  • Blue, 1500 points or more

your SP may configured the branch 1 PE router to prohibit icmp or any diagnostic packets to run through on it. this would be due to security issues, but you should talk to your SP and escalate this with them since you pay for the service.

Correct Answer
Giuseppe Larosa Sat, 02/07/2009 - 03:09
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Guo,

an MPLS service provider has faculty to show or hide the intermediate router hops in a traceroute started by a customer.


There is a specific command for this


mpls ip propagate-ttl


with some options


Probably your SP hasn't a coherent configuration of this in all of these routers PE nodes and from this comes the different behaviour of the two traceroutes.


By the way the real number of service providers nodes is hidden also by the fact you are probably inside a L3 VPN service.


So the command described above has effects only on exit PE.


I mean between HQ PE and Branch PE there can be one or more devices that perform MPLS switching.


So in any case your result doesn't reflect the real path.


In fact, the tracerouter works by sending probes with increasing TTL.


However once TTL=2 the packet travels up to the exit PE devices in the middle don't process it if the MPLS TTL is not a copy of the carried packet.

the exit PE can appear on the traceroute or not depending on the settings of ip mpls propagate-ttl


Hope to help

Giuseppe


Actions

This Discussion