Tracerouting in MPLS Networks

Tracerouting in an MPLS network is a bit different compared to tracerouting in an IP network. The probes sent are the same, but the routers that are running MPLS treat the ICMP messages differently. Look at Figure 13-4, which shows an MPLS VPN network that will be used to show how tracerouting works in an MPLS network.

Figure 13-4 Tracerouting in an MPLS Network: Network london-ce VRF cust-one london

MPLS Network

Loopback 0 VRF 10.1.2.1

london-ce VRF cust-one london

MPLS Network

Loopback 0 VRF 10.1.2.1

This network has two CE routers, two PE routers, and two P routers. The traceroute is done on the left CE router toward the right CE router. The packets that the CE router sends are still UDP packets with high destination UDP ports. The first probe has IP TTL set to 1 and is received on the VRF interface on the ingress PE router. The TTL of the packet expires on the ingress PE, and it sends an ICMP message "TTL exceeded" back to the CE. This is the same behavior as tracerouting in an IP network. Figure 13-5 shows the first probe.

Figure 13-5 Tracerouting in an MPLS Network: Probe 1

Probe 1

UDP

Dest IP Addr =

10.1.2.1

Source IP Addr

= 10.1.1.1

TTL = 1

Dest UDP Port

= 35678

ICMP

Dest IP Addr = 10.1.1.1 Source IP Addr = 10.1.1.2 TTL = 255 TTL Exceeded

ICMP

Dest IP Addr = 10.1.1.1 Source IP Addr = 10.1.1.2 TTL = 255 TTL Exceeded

The CE sends the second probe. The ingress PE receives it, lowers the TTL by 1, and adds two labels: the VPN label, followed by the IGP label on top. The TTL of both labels is set to 1, in compliance with the rules mentioned in the previous section. The ingress PE forwards this packet to the next LSR, a P router. This P router sees the TTL in the top label expiring. It removes the label stack, examines the IP header of the underlying packet, and creates an ICMP message "TTL expired." Because this is a new packet, the IP TTL and the TTL in the labels are set to a value of 255. The source IP address is the IP address on the incoming interface of the P router. This ICMP message is not sent directly to the originator of the packet. Instead, a label stack is put onto the ICMP message—as if this were the original packet being forwarded according to the LFIB—and forwarded along the original LSP toward the egress LSR. On the egress PE router, the labels are stripped off, and the IP packet is forwarded. Because the IP destination of the original packet was not directly connected to the egress PE router, the outgoing label on the egress PE is "No Label." As such, the unlabeled IP packet is directly forwarded—without an IP lookup—toward the CE router. That CE router has the destination IP address of the ICMP message in its routing table and returns the ICMP message. Eventually, the CE router on the left receives the ICMP message. Figure 13-6 shows the path of this second probe.

Figure 13-6 Tracerouting in an MPLS Network: Probe 2

UDP

Dest IP Addr =

10.1.2.1

Source IP Addr

= 10.1.1.1

TTL = 2

Dest UDP Port

= 35678

IGP Label TTL = 1

VPN Label TTL = 1

Dest IP Addr = 10.1.2.1 Source IP Addr = 10.1.1.1 TTL = 1

Dest UDP Port = 35678

Probe 2

ICMP

Dest IP Addr = 10.1.1.1 Source IP Addr = 10.200.200.2 TTL = 255 TTL Exceeded

Copy of TTL from Label to TTL in IP Header (and Decremented by One)

Copy of TTL from Label to TTL in IP Header (and Decremented by One)

ICMP

ICMP

ICMP

Dest IP Addr = 10.1.1.1 Source IP Addr = 10.200.200.2 TTL = 255 TTL Exceeded

ICMP

Dest IP Addr = 10.1.1.1 Source IP Addr = 10.200.200.2 TTL = 253 TTL Exceeded

GP Label

VPN Label

Dest IP Addr = 10.1.2.1 Source IP Addr = 10.1.1.1 TTL = 1

Dest UDP Port = 35678

Dest IP Addr = 10.1.1.1 Source IP Addr = 10.200.200.2 TTL = 255 TTL Exceeded

Dest IP Addr = 10.1.1.1 Source IP Addr = 10.200.200.2 TTL = 255 TTL Exceeded

Dest IP Addr = 10.1.1.1 Source IP Addr = 10.200.200.2 TTL = 253 TTL Exceeded

ICMP

VPN Label TTL = 249

IGP Label TTL = 250

IGP Label TTL = 251

ICMP

ICMP

Dest IP Addr = 10.1.1.1 Source IP Addr = 10.200.200.2 TTL = 248 TTL Exceeded

VPN Label TTL = 249

ICMP

Dest IP Addr = 10.1.1.1 Source IP Addr = 10.200.200.2 TTL = 251 TTL Exceeded

IGP Label TTL = 250

VPN Label TTL = 251

ICMP

Dest IP Addr = 10.1.1.1 Source IP Addr = 10.200.200.2 TTL = 251 TTL Exceeded

IGP Label TTL = 251

VPN Label TTL = 251

ICMP

Dest IP Addr = 10.1.1.1 Source IP Addr = 10.200.200.2 TTL = 251 TTL Exceeded

ICMP

Dest IP Addr = 10.1.1.1 Source IP Addr = 10.200.200.2 TTL = 252 TTL Exceeded

This behavior is the same for all probes: All ICMP messages are forwarded along the original LSP and are not sent back directly to the originator.

Example 13-3 shows the result of this traceroute.

Example 13-3 Example of Traceroute in MPLS Network london-ce#traceroute 10.1.2.1

Type escape sequence to abort. Tracing the route to 10.1.2.1

2 10.200.200.2 28 msec 28 msec 32 msec

3 10.200.203.2 28 msec 28 msec 28 msec

4 10.1.3.2 16 msec 20 msec 16 msec

5 10.1.3.1 12 msec 12 msec 12 msec

There can be a small difference in the output of the traceroute if you perform a traceroute for a destination for which the outgoing label is "Aggregate" in the LFIB of the egress LSR. There is an "Aggregate" outgoing label if the destination is either directly connected to that egress LSR or if it is an aggregate BGP route.

If the outgoing label is "Aggregate," the labels are stripped off after the LFIB lookup, and the packet receives an additional IP lookup so that the egress LSR can determine where the IP packet needs to be sent. As the egress LSR recognizes the incoming label as a VPN label, it performs the IP lookup in the appropriate VRF table. The egress LSR then sends the ICMP message directly back to the originator and does not forward it to the CE router on the right side, as in the case of the outgoing label being "No Label." This obviously makes a difference when troubleshooting a problem; in one case, the packets are forwarded over an extra link. Figure 13-7 shows the packet path for the second probe when tracerouting with the outgoing label "Aggregate" on the egress LSR.

Figure 13-7 Tracerouting in an MPLS Network: Outgoing Label Is "Aggregate"

Probe 2

UDP

Dest IP Addr =

10.1.2.1

Source IP Addr

= 10.1.1.1

TTL = 2

Dest UDP Port

Dest IP Addr = 10.1.2.1 Source IP Addr = 10.1.1.1 TTL = 1

Dest UDP Port = 35678

ICMP

Dest IP Addr = 10.1.1.1 Source IP Addr = 10.200.200.2 TTL = 255 TTL Exceeded

london

ICMP

Dest IP Addr = 10.1.1.1 Source IP Addr = 10.200.200.2 TTL = 255 TTL Exceeded

Outgoing label is "Aggregate" for prefix 10.1.2.1/32

Loopback 0 10.1.2.1/32

10.200.200.2

10.200.203.2

IGP Label

GP Label

VPN Label

VPN Label

VPN Label

ICMP

Dest IP Addr = 10.1.1.1 Source IP Addr = 10.200.200.2 TTL = 250 TTL Exceeded

VPN Label TTL = 251

ICMP

Dest IP Addr = 10.1.1.1 Source IP Addr = 10.200.200.2 TTL = 253 TTL Exceeded

IGP Label TTL = 252

VPN Label TTL = 253

ICMP

Dest IP Addr = 10.1.1.1 Source IP Addr = 10.200.200.2 TTL = 253 TTL Exceeded

IGP Label TTL = 253

VPN Label TTL = 253

ICMP

Dest IP Addr = 10.1.1.1 Source IP Addr = 10.200.200.2 TTL = 253 TTL Exceeded

Micro Expression Master

Micro Expression Master

If You Could Read Everyone Life A Book You Can Have Better Career, Great Relationships And Become Successful. This Book Is One Of The Most Valuable Resources In The World When It Comes To Reading the smallest and tiniest body Language and know what people are thinking about.

Get My Free Ebook


Post a comment