Maybe I'm wrong, but I thought that the extended MPLS info only showed up when the trace was started on a PE or P router. Is that right? If customers or others outside the MPLS domain can see that info I'd definitely agree with you. Mike -----Original Message----- From: Leo Bicknell [mailto:bicknell@ufp.org] Sent: Thursday, August 14, 2003 12:40 PM To: nanog@merit.edu Subject: MPLS ICMP Extensions I wanted to get some other opinions on some new features that have appeared in recent code from the popular vendors. It appears there is a new draft, a copy of which can be found at http://www.watersprings.org/links/mlr/id/draft-ietf-mpls-icmp-01.txt that allows MPLS enabled boxes to return some additonal information in a traceroute packet. That's all well and good, and I can see how that might be amazingly useful to someone running an MPLS network, however, it seems to expose data much further than the local network. Here's a random example from a traceroute I recently performed (on a Juniper): traceroute wcg.net [snip] 11 hrndva1wcx3-oc48.wcg.net (64.200.95.117) 91.935 ms 102.652 ms 92.960 ms MPLS Label=13198 CoS=0 TTL=1 S=1 12 hrndva1wcx2-oc48.wcg.net (64.200.95.77) 92.593 ms 92.785 ms 93.119 ms MPLS Label=12676 CoS=0 TTL=1 S=1 13 nycmny2wcx2-oc48.wcg.net (64.200.240.45) 93.273 ms 93.121 ms 93.067 ms MPLS Label=12632 CoS=0 TTL=1 S=1 14 nycmny2wcx3-oc48.wcg.net (64.200.87.78) 104.755 ms 91.949 ms 92.169 ms MPLS Label=12672 CoS=0 TTL=1 S=1 15 chcgil1wcx3-oc48.wcg.net (64.200.240.37) 92.021 ms 91.737 ms 91.684 ms MPLS Label=12592 CoS=0 TTL=1 S=1 16 chcgil1wcx3-pos5-0.wcg.net (64.200.210.114) 175.907 ms 278.144 ms 203.763 ms MPLS Label=12695 CoS=0 TTL=1 S=1 17 chcgil1wcx2-oc48.wcg.net (64.200.103.73) 93.286 ms 93.230 ms 93.593 ms MPLS Label=13506 CoS=0 TTL=1 S=1 18 stlsmo3wcf1-atm.wcg.net (64.200.210.158) 92.780 ms 92.344 ms 92.596 ms It appears both Cisco and Juniper support this new feature. The question I quickly asked both vendors is how do you turn this behavior off, so the traceroutes appear as they did before this feature was introduced. The answer, apparently, is you don't. You can either disable TTL processing on your MPLS tunnels (in effect disabling traceroute), or you can have it output all this extra information. The response I'm getting so far from each vendor is they believe this are the right two options to offer. Thus, my post here. I think there are more people out there who would like to not expose their MPLS labels, Class of Service info, or anything else this feature can provide (because, I don't know all of what it can display), but still allow traceroute to work normally. If I'm off in the deep end, please tell me so, if not, please tell your vendor rep you'd like the "icmp no mpls info" knob. -- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
In a message written on Thu, Aug 14, 2003 at 01:21:28PM -0500, Mike Bernico wrote:
Maybe I'm wrong, but I thought that the extended MPLS info only showed up when the trace was started on a PE or P router. Is that right?
I did the traceroute from a router with _NO_ mpls commands turned on, and it's on a network that uses _NO_ mpls today. Basically from reading the draft if the router that generates the ICMP unreachable received the packet with an MPLS label, it adds the MPLS info to the returned data. As long as your traceroute can parse/show it (so far I've only confirmed Juniper can do it), it will be displayed to the world. -- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
As far as I remember we have seen labels from other providers, until they turned on the "traceroute hide". And there was no LDP coupling between them and us so ... . That was with Cisco in both networks. The question is if these information cause any problem for you - despite curious customers asking ;-) The labels seem to be allocated from a start value - usually 20, 1024, 4096 or such, depending on your system, OS version - in an incremental order, so guessing labels isn't that difficult. If your network accepts labels although it shouldn't then the extra information in ICMP doesn't really make things worse anymore. Marc On Thursday, August 14, 2003, at 08:39 PM, Leo Bicknell wrote:
In a message written on Thu, Aug 14, 2003 at 01:21:28PM -0500, Mike Bernico wrote:
Maybe I'm wrong, but I thought that the extended MPLS info only showed up when the trace was started on a PE or P router. Is that right?
I did the traceroute from a router with _NO_ mpls commands turned on, and it's on a network that uses _NO_ mpls today.
Basically from reading the draft if the router that generates the ICMP unreachable received the packet with an MPLS label, it adds the MPLS info to the returned data. As long as your traceroute can parse/show it (so far I've only confirmed Juniper can do it), it will be displayed to the world.
-- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org <mime-attachment> -- Marc Binderberger <marc@sniff.de> Powered by *BSD ;-)
participants (3)
-
Leo Bicknell
-
Marc Binderberger
-
Mike Bernico