If your customer is asking for something that will intentionally make
troubleshooting difficult, this is a case for education, not accommodation.
Every request has a reason for it, and that reason can usually be associated
with a particular layer of the OSI model. If that's the case, the solution
should be applied at that layer. Something that needlessly (opinion)
complicates the troubleshooting process is typically happening in Layer 8,
and the layer 8 solution is education.
Find out their REASON for wanting this, then you can better answer them with
a reasonable solution.
On Thu, Apr 15, 2010 at 02:21, Aamir Aziz <aamiraz77_at_gmail.com> wrote:
> I agree here but one of our clients is asking for this and putting ACL
> on many PE's would be a nightmare plus troubleshooting would be
> killer. I just thought if there was any other way like manipulating
> the TTL so it doesnt decrement etc.
>
> Thanks,
> Aamir
>
>
>
> On Wed, Apr 14, 2010 at 8:34 PM, Kambiz Agahian <kagahian_at_ccbootcamp.com>
> wrote:
> > Amir,
> >
> > I'm not 100% sure what you mean by "doing ping and traceroute to their
> PE's" . Because the PE is (usually) the first device you see on the provider
> side, so "usually" no more than one hop away.
> >
> > If your question is; how to block ping/trace on PE boxes:
> >
> > 1- If they are customer facing; configure your ACLs on them (as mentioned
> by Joe) - not the best practice
> > 2- If they are behind any other appliances take a look at them and see if
> you can do anything there.
> >
> > However, if you work for a SP I dont recommend that. Why? Business issue.
> If as a customer I hit a problem and as a part of a troubleshooting process
> I can't even verify my connectivity to the PE I'd consider it as a big
> "negative" score for your company. Especially external consultants are
> perfect creatures in making noises on "hard to evaluate/troubleshoot" SPs.
> >
> > HTH
> >
> > --------------------------
> > Kambiz Agahian
> > CCIE (R&S)
> > CCSI, WAASSE, RSSSE
> > Technical Instructor
> > CCBOOTCAMP - Cisco Learning Solutions Partner (CLSP)
> > Email: kagahian_at_ccbootcamp.com
> > Toll Free: 877-654-2243
> > International: +1-702-968-5100
> > Skype: skype:ccbootcamp?call
> > FAX: +1-702-446-8012
> > YES! We take Cisco Learning Credits!
> > Training And Remote Racks: http://www.ccbootcamp.com
> > OEQ Voice Waiver: http://www.ccbootcamp.com/noeqvoice.html
> > OEQ R&S Waiver: http://www.ccbootcamp.com/noeqrs.html
> > OEQ Commercial: http://www.ccbootcamp.com/noeq.mpg
> >
> >
> >
> > -----Original Message-----
> > From: nobody_at_groupstudy.com on behalf of Aamir Aziz
> > Sent: Wed 4/14/2010 9:16 AM
> > To: Cisco certification
> > Subject: Traceroute in MPLS
> >
> > Dear *,
> >
> > With no mpls ip propagate-ttl command MPLS core is hidden from
> > customers however they can still ping and traceroute to their PE. Is
> > there anyway to stop customers from even doing ping and traceroute to
> > their PE's?
> >
> > Thanks
> > Aamir
> >
> > --
> > Sent from my mobile device
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Sun Apr 18 2010 - 08:57:27 ART
This archive was generated by hypermail 2.2.0 : Sat May 01 2010 - 09:49:57 ART