IP Router Configuration
Router Configuration Guide 107
The source address of the ICMP reply packet is determined as follows. The LSR uses the address of
the outgoing interface for the MPLS LSP. With an LDP LSP or a BGP LSP, multiple ECMP next-hops can
exist, and in that case the first outgoing interface is selected. If that interface does not have an address
of the same family (IPv4 or IPv6) as the ICMP packet, then the system address of the same family is
selected. If one is not configured, the packet is dropped.
When the packet is received by the egress LER, it performs a regular user packet lookup in the data
path in the GRT context for BGP shortcut, 6PE, and BGP label route prefixes, or in VPRN context for
VPRN and 6VPE prefixes. It then forwards the packet to the destination, which is the sender of the original
packet whose TTL expired at the LSR.
If the egress LER does not have a route to the destination of the ICMP packet, it drops the packet.
The rate of the tunneled ICMP replies at the LSR can be directly or indirectly controlled by the existing
IOM-level and CPM-level mechanisms. Specifically, the rate of the incoming UDP traceroute packets
received with a label stack can be controlled at the ingress IOM using the distributed CPU protection
feature. The rate of the ICMP replies generated by the CPM can also be directly controlled by configuring a
system-wide rate limit for ICMP replies to MPLS expired packets that are successfully forwarded
to the CPM, using the command 'configure system security vprn-network-exceptions'. Although this
command's name refers to the VPRN service, the feature rate limits ICMP replies for packets received
with any label stack, including VPRN and shortcuts.
The 7x50 implementation supports appending the MPLS Label Stack object defined in RFC 4950 to
ICMP replies of type Time Exceeded. It does not include the object in ICMP replies of type Destination
Unreachable.
The new MPLS Label Stack object permits an LSR to include label stack information, including the label
value, EXP, and TTL field values, from the encapsulation header of the packet that expired at the LSR
node. The ICMP message continues to include the IP header and leading payload octets of the original
datagram.
To include the MPLS Label Stack object, the SR OS implementation adds support for RFC 4884,
which defines extensions for a multi-part ICMPv4/v6 message of type Time Exceeded.
The no form of the command disables the tunneling of ICMP reply packets over an MPLS LSP at an LSR
node.
Default no icmp-tunneling
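The following is an added example, not taken from this guide or from SR OS: a Python parser for the RFC 4884 extension structure of an ICMPv4 Time Exceeded message that extracts the RFC 4950 MPLS Label Stack object described above. The label values and the zero-filled original datagram in build_sample are constructed, and the outer ICMP checksum and ICMPv6 are not handled.

```python
import struct

MPLS_CLASS, MPLS_CTYPE = 1, 1  # RFC 4950 MPLS Label Stack object

def inet_checksum(data: bytes) -> int:
    """One's-complement Internet checksum over 16-bit words."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_mpls_stack(icmp: bytes) -> list:
    """Return the label stack entries carried in an ICMPv4 Time Exceeded."""
    if len(icmp) < 8 or icmp[0] != 11:
        raise ValueError("not an ICMPv4 Time Exceeded message")
    orig_len = icmp[5] * 4  # RFC 4884 length field, in 32-bit words
    if orig_len == 0 or len(icmp) <= 8 + orig_len:
        return []  # no RFC 4884 extension structure present
    ext = icmp[8 + orig_len:]
    if len(ext) < 4 or ext[0] >> 4 != 2:
        raise ValueError("missing or unsupported extension header")
    # An all-zero checksum field means no checksum was transmitted.
    if ext[2:4] != b"\x00\x00" and inet_checksum(ext) != 0:
        raise ValueError("extension checksum mismatch")
    entries, off = [], 4
    while off + 4 <= len(ext):
        obj_len, class_num, c_type = struct.unpack_from("!HBB", ext, off)
        if obj_len < 4 or off + obj_len > len(ext):
            raise ValueError("malformed extension object length")
        payload = ext[off + 4:off + obj_len]
        if (class_num, c_type) == (MPLS_CLASS, MPLS_CTYPE):
            if len(payload) % 4:
                raise ValueError("truncated label stack entry")
            for (word,) in struct.iter_unpack("!I", payload):
                entries.append({"label": word >> 12, "exp": word >> 9 & 7,
                                "s": word >> 8 & 1, "ttl": word & 0xFF})
        off += obj_len
    return entries

def build_sample() -> bytes:
    """Constructed message: zero-filled 128-byte original datagram, two labels."""
    lse = lambda label, exp, s, ttl: struct.pack("!I", label << 12 | exp << 9 | s << 8 | ttl)
    obj = struct.pack("!HBB", 12, MPLS_CLASS, MPLS_CTYPE) + lse(524280, 0, 0, 1) + lse(131071, 0, 1, 1)
    ext = struct.pack("!BBH", 0x20, 0, 0) + obj
    ext = ext[:2] + struct.pack("!H", inet_checksum(ext)) + ext[4:]
    return struct.pack("!BBHBBH", 11, 0, 0, 0, 32, 0) + bytes(128) + ext

if __name__ == "__main__":
    print(parse_mpls_stack(build_sample()))
```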
ignore-icmp-redirect
Syntax [no] ignore-icmp-redirect
Context config>router
Description This command drops ICMP redirects received on the management interface.
The no form of the command accepts ICMP redirects received on the management interface.