Wednesday, March 10, 2010

Traceroute in MPLS - detailed


Default Behavoir –
1.       IP to MPLS : TTL is decremented by 1 and copied from IP to pushed MPLS label TTL field
(this deceremented copy doesn’t happen in case “no mpls propogate-ttl” is applied, so newly imposed Label gets a default TTL of 255 in that case)
2.       MPLS to IP: TTL is checked. IF MPLS TTL is lower than IP TTL, it is copied. Else IP TTL remain intact
a.       PUSH/SWAP operation – new label gets the same existing TTL  a decremented TTL by 1.
b.      POP – if inner label has higher TTL, POP’ped Label’s TTL is overwritten on inner TTL. Else left as it is.
Intermediate LSR doesn’t touch inner label, only decrements outer label.
Intermediate P routers which dont have IP route to a CE will return back the ICMP time-exceeded back onto the same LSR. This way PE1 will receive the ICMP Time-exceeded from P for CE. And Traceroute works.

1. “no mpls propogate-ttl” - newly imposed Label gets a default TTL of 255 for both switched             transit traffic and locally generated traffic.

2. “forwarded” - newly imposed Label gets a default TTL of 255 for only switched transit traffic.             Locally originated traffic via “trace vrf ” or “trace” command still will have a TTL of 1 imposed on the newly imposed label.

3.no mpls ip propogate-ttl local - when traffic is locally originated using “trace vrf” command or trace, if the packet becomes labeled by the local router, the new label will get 255 TTL.
Note for PE1-P-PE2 topology, packet from PE1 to PE2 is not label switched due to PHP. So the testing by disabling “local” wont give the expected result coz the packet never becomes labeled. The packet will be routed based on IP TTL and we’ll be able to see all the hops inspite having added “no mpls ip propog local”
            This can be correctly tested on PE1-P1-P2-PE2 topology where PHP doesn’t apply for packetsets sent from PE1 to PE2.

Logic: If TTL copying is stopped on the first hop where packet becomes labeled, e.g. For CE1 to CE2 trace, if “no mpls propogate” is configured on PE1, this “propogate” command is no more needed anywhere else in the path coz the first hop PE1 will set the Label-TTL as 255. Even if it is reduced by 1 by each hop, it’ll never become zero to be able to retured to the initiator of the trace. This will only become Zero once the packet is ready to be switched based on IP header (when the label is removed on PE2).

Test1:
Topology CE1-PE1-P-PE2-CE2
Configured “no mpls ip propogg forwarded” on PE1.
Trace from CE1 to CE2.

1st hop will be PE1 VRF interface.
2nd hop will be PE2 VRF interface
3rd will be CE2 physcial interface.
P is hidden

Test2:
same config –
Topology CE1-PE1-P-PE2-CE2
Configured “no mpls ip propog forwarded” on PE1.
Trace from PE1-VRF to CE2.
All hops P, PE2 and CE2 will be visible as “local” keyword is not used.

 Test3:
Topology CE1-PE1-P-PE2-CE2
Configured “no mpls ip propogg local” on PE1.
Trace from PE1-VRF to CE2.
Only PE2 and CE2 will be visible as “local” keyword now used. P is hidden.

Test4:
Topology CE1-PE1-P-PE2-CE2
Configured “no mpls ip propogg local” on PE1.
Trace from PE1 global to PE2 global.
All hops P, and PE2 will be visible as packet never becomes labeled due to PHP.

Changed topology to Topology CE1-PE1-P1-P2-PE2-CE2
Trace from PE1 global to PE2 global.
Now only P2 and PE2 are visible. P1 is hidden. Packet is labeled on PE1 with MPLS-TTL= 255. P is hidden. Packet crossed P1 and reached P2. P2 makes the packet “IP packet” by removing the label due to PHP.  P2 and PE2 will reply to trace based on IP TTL.




7200a#traceroute vrf VRF 120.120.120.120

Type escape sequence to abort.
Tracing the route to 120.120.120.120

  1 10.0.3.5 [MPLS: Labels 64/68 Exp 0] 232 msec 180 msec 156 msec
à local router sent the packet to 10.0.3.5 with labels 64,68 (64 is LDP and 68 is VPN)

  2 10.0.5.11 [MPLS: Labels 65/68 Exp 0] 84 msec 80 msec 148 msec
à router 10.0.3.5 forwarded the packet with 65,68. (so a swapping of 64 to 65 happened)

  3 120.120.120.120 124 msec *  260 msec
à router 10.0.5.11 sent an IP packet to destination router 120.120.120.120