Re: Traceroute in MPLS

From: Aamir Aziz <aamiraz77_at_gmail.com>
Date: Thu, 15 Apr 2010 10:21:09 +0400

I agree here but one of our clients is asking for this and putting ACL
on many PE's would be a nightmare plus troubleshooting would be
killer. I just thought if there was any other way like manipulating
the TTL so it doesn't decrement etc.

Thanks,
Aamir

On Wed, Apr 14, 2010 at 8:34 PM, Kambiz Agahian <kagahian_at_ccbootcamp.com> wrote:
> Amir,
>
> I'm not 100% sure what you mean by "doing ping and traceroute to their PE's". Because the PE is (usually) the first device you see on the provider side, so "usually" no more than one hop away.
>
> If your question is how to block ping/trace on PE boxes:
>
> 1- If they are customer facing; configure your ACLs on them (as mentioned by Joe) - not the best practice
> 2- If they are behind any other appliances take a look at them and see if you can do anything there.
>
> However, if you work for a SP I don't recommend that. Why? Business issue. If as a customer I hit a problem and as a part of a troubleshooting process I can't even verify my connectivity to the PE I'd consider it as a big "negative" score for your company. Especially external consultants are perfect creatures in making noises on "hard to evaluate/troubleshoot" SPs.
>
> HTH
>
> --------------------------
> Kambiz Agahian
> CCIE (R&S)
> CCSI, WAASSE, RSSSE
> Technical Instructor
> CCBOOTCAMP - Cisco Learning Solutions Partner (CLSP)
> Email: kagahian_at_ccbootcamp.com
>
> -----Original Message-----
> From: nobody_at_groupstudy.com on behalf of Aamir Aziz
> Sent: Wed 4/14/2010 9:16 AM
> To: Cisco certification
> Subject: Traceroute in MPLS
>
> Dear *,
>
> With no mpls ip propagate-ttl command MPLS core is hidden from
> customers however they can still ping and traceroute to their PE. Is
> there any way to stop customers from even doing ping and traceroute to
> their PE's?
>
> Thanks
> Aamir
>
> --
> Sent from my mobile device
>
>
> Blogs and organic groups at http://www.ccie.net

Received on Thu Apr 15 2010 - 10:21:09 ART

This archive was generated by hypermail 2.2.0 : Sat May 01 2010 - 09:49:57 ART