Cisco Support Community

New Member

mpls ip propagate-ttl

Hi all,

Should I use mpls ip propagate-ttl "forwarded" or "local" if I want to hide traceroute results in the PE cloud?

Meaning, only the LAN/CE traceroute and the internet GW will be shown, and any PE router will be hidden. Please advise.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: mpls ip propagate-ttl

Hello,

I would say that you need the "forwarded" option, but it is not clear to me if you intend the traceroute result to be hidden for customer-initiated traceroutes only.

Please have a look at the following "mpls ip propagate-ttl" documentation, which at the end includes traceroute examples for every possible configured option:

http://www.cisco.com/en/US/docs/ios/12_0st/12_0st14/feature/guide/rtr_14st.html#wp1067919

Kind Regards,

M.

16 REPLIES

Re: mpls ip propagate-ttl

Hasmurizal

For configuring the PE (ingress E-LSR) to disable TTL propagation for forwarded packets (packets received from the customer (CE)), preventing the customer from learning IP addresses in the MPLS cloud, use

no mpls ip propagate-ttl forwarded

Likewise, if you wish to disable traceroute results for packets originating from the PE itself, use

no mpls ip propagate-ttl local

HTH

Lejoe


New Member

Re: mpls ip propagate-ttl

Hi M,

Thank you for the documentation given. I have tested by executing "mpls ip propagate-ttl" with "no mpls ip propagate-ttl local" and I believe I'm able to achieve my target.

But I still need to discuss further in terms of security, as I'm able to see my P router (VLAN int before firewall). Anyway, thanks.

Re: mpls ip propagate-ttl

Hello,

Disabling "local" TTL propagation on a PE will hide the network structure in traceroute issued from that PE. The "local" option might be useful when troubleshooting broken LSP issues (enabling/disabling it on a PE). The "forward" option is the most common. Have you tested the "local" option with traceroute from various devices? Note that in the very last example of the documentation, the only reason for the IP address 1.0.0.4 not showing in the output is because it is an address of PE1 and trace is issued from PE1.

While looking at the diagram in your initial post, I can't decide which one is the P router you mentioned earlier. Are you referring to a router within the MPLS cloud not actually shown in the diagram? Or did you mean the PE connected to the firewall at the edge? If you would like to discuss this further, it would be useful if you could provide more details about your setup (which device connects to what, which interfaces have MPLS enabled) and traceroute output (indicating from which device it was initiated and which part of the output is an issue for you).

Kind Regards,

M.

New Member

Re: mpls ip propagate-ttl

Hi,

Do you know how to disable the forward option in the case of IOS-XR?

I see the below in IOS-XR:

IOS: no tag-switching ip propagate-ttl forwarded

IOS-XR: mpls ip-ttl-propagate disable

The difference is the keyword "forwarded". So if you start the traceroute from an IOS-XR PE router, all hops are hidden too.

Regards,

Chintan

New Member

Re: mpls ip propagate-ttl

Hi Chintan,

I do not fully understand your question. Kindly explain a little bit further?

New Member

Re: mpls ip propagate-ttl

Hi,

We have our standard config "no tag-switching ip propagate-ttl forwarded" so that we can see all core routers when we do a traceroute from the PE.

But now when we look at IOS-XR, it has the CLI "mpls ip-ttl-propagate disable" with no option for local or forwarded. So my question was: we can't do a traceroute from the PE (IOS-XR), I mean all core routers will still be hidden... Is there any alternative way?

Regards,

Chintan

Cisco Employee

Re: mpls ip propagate-ttl

Chintan,

The behavior is applied equally to the forwarded and locally generated traffic when you use this command.

You should use the mpls traceroute functionality instead when tracing connectivity in your mpls core.

traceroute mpls ipv4

Regards

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
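
The commands quoted in this thread can be checked across saved PE configurations. The following is an added example, not part of any post and not Cisco code: it reports which traffic classes still propagate the IP TTL, and flags an IOS-XR box that disables propagation without `mpls oam`. The router names and sample configurations are constructed, the function names are hypothetical, and it assumes propagation is on by default and that commands apply in the order listed.

```python
import re

# Commands as quoted in the thread; IOS also accepts the older "tag-switching" spelling.
IOS_RE = re.compile(
    r"^(no\s+)?(?:mpls|tag-switching)\s+ip\s+propagate-ttl(?:\s+(forwarded|local))?$")
XR_DISABLE = "mpls ip-ttl-propagate disable"


def ttl_propagation(config):
    """Return per traffic class whether the IP TTL is still copied into the label.

    Assumptions: propagation is on for both classes when nothing is configured,
    and commands take effect in the order they appear.
    """
    state = {"forwarded": True, "local": True}
    for line in (" ".join(raw.split()) for raw in config.splitlines()):
        if line == XR_DISABLE:  # IOS-XR: applies to forwarded and local alike
            state = {"forwarded": False, "local": False}
            continue
        m = IOS_RE.match(line)
        if m:
            enabled, scope = m.group(1) is None, m.group(2)
            for key in ([scope] if scope else ["forwarded", "local"]):
                state[key] = enabled
    return state


def audit(name, config):
    """List findings for one PE configuration."""
    lines = {" ".join(raw.split()) for raw in config.splitlines()}
    state, findings = ttl_propagation(config), []
    if state["forwarded"]:
        findings.append(f"{name}: customer traceroute can show core hops")
    if not state["local"]:
        findings.append(f"{name}: traceroute from this PE hides core hops")
        if XR_DISABLE in lines and "mpls oam" not in lines:
            findings.append(f"{name}: 'mpls oam' missing, MPLS traceroute unavailable")
    return findings


# Constructed sample configurations (hypothetical router names).
SAMPLES = {
    "PE1-ios": "hostname PE1\nno mpls ip propagate-ttl forwarded\n",
    "PE2-ios": "hostname PE2\nmpls ip propagate-ttl\nno mpls ip propagate-ttl local\n",
    "PE3-xr": "hostname PE3\nmpls ip-ttl-propagate disable\n",
    "PE4-xr": "hostname PE4\nmpls ip-ttl-propagate disable\nmpls oam\n",
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(name, ttl_propagation(cfg), audit(name, cfg) or "ok")
```
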
New Member

Re: mpls ip propagate-ttl

Hi,

Is this also true when I am tracing connectivity to the customer CPE from the PE?

Regards,

Chintan

New Member

Re: mpls ip propagate-ttl

Dear Chintan

Not sure, but you might check this documentation.

http://www.cisco.com/en/US/docs/ios/12_0st/12_0st14/feature/guide/rtr_14st.html#wp1067919

New Member

Re: mpls ip propagate-ttl

I am looking for IOS-XR with the same feature as IOS for TTL propagation disabled, if any.

Chintan

New Member

Re: mpls ip propagate-ttl

In this case I would suggest you open a new thread. Specify all your info and scenarios, and ask any experts out there who could help you.

New Member

Re: mpls ip propagate-ttl

Hi,

I tried to run the CLI traceroute mpls ipv4 on an IOS-XR router; it gives me the below error asking to enable MPLS OAM capability.

RP/0/RP0/CPU0:R1.LAB#traceroute mpls ipv4 10.74.90.0/32

% MPLS Embedded Management Subsystem is not running.

To enable, use 'mpls oam' global config command.

RP/0/RP0/CPU0:R1.LAB#

Regards,

Chintan

New Member

Re: mpls ip propagate-ttl

Hi Chintan,

Please open another thread.

Cisco Employee

Re: mpls ip propagate-ttl

Chintan,

As Hasmurizal mentioned, it is generally a good idea to open a new thread for a new question, even though it might be related to an already open thread.

Regards,

Harold Ritter
Cisco Employee

Re: mpls ip propagate-ttl

Chintan,

You do indeed have to enable "mpls oam" in order to use MPLS traceroute.

Regards

Harold Ritter