Re: Traceroute in MPLS

From: Ruhann <groupstudy_at_ru.co.za>
Date: Sun, 18 Apr 2010 14:36:27 +0200

If you want to stop a router from responding to ICMP directed to it, you
could always use control-plane policing.

On Thu, Apr 15, 2010 at 8:21 AM, Aamir Aziz <aamiraz77_at_gmail.com> wrote:

> I agree here but one of our clients is asking for this and putting ACL
> on many PE's would be a nightmare plus troubleshooting would be
> killer. I just thought if there was any other way like manipulating
> the TTL so it doesn't decrement etc.
>
> Thanks,
> Aamir
>
>
>
> On Wed, Apr 14, 2010 at 8:34 PM, Kambiz Agahian <kagahian_at_ccbootcamp.com>
> wrote:
> > Amir,
> >
> > I'm not 100% sure what you mean by "doing ping and traceroute to their
> > PE's". Because the PE is (usually) the first device you see on the provider
> > side, so "usually" no more than one hop away.
> >
> > If your question is; how to block ping/trace on PE boxes:
> >
> > 1- If they are customer facing; configure your ACLs on them (as mentioned
> > by Joe) - not the best practice
> > 2- If they are behind any other appliances take a look at them and see if
> > you can do anything there.
> >
> > However, if you work for a SP I don't recommend that. Why? Business issue.
> > If as a customer I hit a problem and as a part of a troubleshooting process
> > I can't even verify my connectivity to the PE I'd consider it as a big
> > "negative" score for your company. Especially external consultants are
> > perfect creatures in making noises on "hard to evaluate/troubleshoot" SPs.
> >
> > HTH
> >
> > --------------------------
> > Kambiz Agahian
> > CCIE (R&S)
> > CCSI, WAASSE, RSSSE
> > Technical Instructor
> > CCBOOTCAMP - Cisco Learning Solutions Partner (CLSP)
> > Email: kagahian_at_ccbootcamp.com
> >
> > -----Original Message-----
> > From: nobody_at_groupstudy.com on behalf of Aamir Aziz
> > Sent: Wed 4/14/2010 9:16 AM
> > To: Cisco certification
> > Subject: Traceroute in MPLS
> >
> > Dear *,
> >
> > With no mpls ip propagate-ttl command MPLS core is hidden from
> > customers however they can still ping and traceroute to their PE. Is
> > there any way to stop customers from even doing ping and traceroute to
> > their PE's?
> >
> > Thanks
> > Aamir
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

-- 
<ruhann>
www.routing-bits.com
Received on Sun Apr 18 2010 - 14:36:27 ART
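
The control-plane policing approach suggested in the reply above, sketched as an added example that is not part of the original thread: one CoPP policy per PE takes the place of ACLs on every customer-facing interface. The names COPP-CUST-PROBES and COPP-PE, the management prefix 192.0.2.0/24 and the police rate are assumptions chosen for illustration, and CoPP support and counters vary by platform and IOS release.

```cisco
! Added example (assumed names and addresses, not from the thread).
! Classify probe traffic that gets punted to the PE's route processor.
ip access-list extended COPP-CUST-PROBES
 ! Assumed NOC/management prefix: "deny" here means "do not match this
 ! class", so operations staff can still ping and trace to the PE.
 deny   icmp 192.0.2.0 0.0.0.255 any echo
 deny   udp  192.0.2.0 0.0.0.255 any range 33434 33534
 ! ICMP echo requests: ping, and ICMP-based traceroute probes.
 permit icmp any any echo
 ! Default UDP traceroute probe ports used by IOS and Unix traceroute.
 permit udp any any range 33434 33534
!
class-map match-all COPP-CUST-PROBES
 match access-group name COPP-CUST-PROBES
!
policy-map COPP-PE
 class COPP-CUST-PROBES
  ! Drop both conforming and exceeding packets, so the PE never
  ! generates an echo reply or an ICMP error for these probes.
  police 8000 1500 1500 conform-action drop exceed-action drop
 ! Everything else (routing protocols, LDP, management) falls into
 ! class-default and is left unpoliced in this sketch.
!
control-plane
 service-policy input COPP-PE
!
! Verify which class is matching and dropping after applying:
!   show policy-map control-plane
```

Because the policy acts only on packets punted to the control plane, customer transit traffic through the PE is not affected. Kambiz's caveat in the quoted message still applies: customers lose the ability to verify reachability to their PE.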
