Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

MPLS VPN problem

Status
Not open for further replies.
mainstreetexpress

mainstreetexpress

Technical User
Jan 9, 2003
92
0
0
GB
Hi
I have successfully managed to set up an MPLS VPN lab up and CE-CE connection is fine. However if I traceroute from CE-CE i can see the core network as well i.e.

C:\>tracert 10.1.10.2

Tracing route to 10.1.10.2

over a maximum of 30 hops:
1 <10 ms <10 ms <10 ms 10.20.255.254|CE network
2 <10 ms <10 ms <10 ms 10.0.0.1 |
3 <10 ms <10 ms 10 ms 192.168.1.1 |Core network
4 <10 ms 10 ms <10 ms 192.168.1.5 |
5 10 ms <10 ms <10 ms 192.168.1.9 |
6 <10 ms <10 ms <10 ms 10.1.0.1 |CE network
7 81 ms 70 ms 80 ms 10.1.0.2 |

I assumed that to the end user the network would look transparent i.e. no 192.168.1.x would appear.

Does anyone have any ideas why this is happening?

Cheers

Mark
 
Sort by date Sort by votes
I maybe wrong on this I haven't worked on MPLS in a while and I don't have access to a lap big enough to test this. Also I maybe a little off on how traceroute works. But I think your assumption of not being able to see the transit network in MPLS could be wrong. In the routing table your should only see the 10.x.x.x networks. I bet if you try to ping these 192.x.x.x networks it would not work becuase the CE routers will not have a route to these destinations.

So lets go through the process of traceroute in an MPLS network. You send out the traceroute. So the first packet with a TTL of 1 or 0 is sent out. The CE router responds before the shim is installed. The Second packet goes out and gets to the core router. Here is my guess. Even with the shim bit the router will still need to check the TTL and respond back with a Time Exceed or else you would run into the possible problem of packets going on for infinity which is why the TTL was developed.

So you should not see these networks in your routing table but you may see them on a traceroute.

Let me know what you find out and what you think.

NetEng.
 
Upvote 0 Downvote
Hi
I've fixed the problem, I added

no mpls ip propagate-ttl forwarded

to the PE routers, now from the CE side it looks like just one hop to the remote side without showing any 192 addresses

Incidentally using the forwarded command still means that if you VRF tracert from PE-PE, it will still show the route though the core network which is great for troubleshooting
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DavidSigma
  • Locked
  • Question
CP7861 problem
Replies
0
Views
49
DavidSigma
DavidSigma
quazimotto
  • Locked
  • Question
Cisco ASA_5505 VPN to Juniper_SRX210 VPN IS UP_ No Traffic!!!!!!
Replies
0
Views
37
quazimotto
quazimotto
khashyar2021
  • Locked
  • Question
Problem with cisco switch after upgrading
Replies
1
Views
72
Geraldine Souza
Geraldine Souza
canflyguy
  • Locked
  • Question
Cisco RV-340 SIP problem
Replies
1
Views
64
DrB0b
DrB0b
tviman
  • Locked
  • Question
Same subnet on each side of a VPN 1
Replies
2
Views
42
tviman
tviman

Part and Inventory Search

Sponsor

Back
Top