Task 8.1 - Network Hardening

Hello

I think "no mpls ip propagate-ttl local" is only needed on PE Nodes, as there will be no label imposition on P Nodes. Any comments?

Thanks, Daniel

Comments

  • I think it does not have to do with the router role. When you are doing a trace from a P router to another P or PE router, you are doing label imposition. The traceroute packet (udp with Cisco IOS) will be encapsulated within a MPLS packet with a TTL=255.
  • Hello Antonio

    In a normal MPLS network I would agree with you. But as in the setup of this lab we are running TE tunnels from PE to PE the traceroute packet originated from a P router will not at all be encapsulated with a MPLS label, it will be sent as a normal IP packet. Therefore configuring "no mpls ip propagate-ttl local" on P routers will not have any effect.

    Cheers, Daniel
  • Hi Daniel,

    You are right. In this type of environment, that command only has effect in the headend of the tunnel. So we can say that the solutions guide is not 100% accurate, right ? :)


    Regards,
  • Hi Antonio

     Originally Posted By: Antonio Soares

    You are right. In this type of environment, that command only has effect in the headend of the tunnel. So we can say that the solutions guide is not 100% accurate, right ? :)



    Yes, I would say so ;)

    Cheers, Daniel
Sign In or Register to comment.