0 Ingress 10.1.1.2/[1025 ]
1 10.1.1.2 130 ms Transit 20.1.1.2/[3 ]
2 Request time out
3 30.1.1.2 80 ms Transit 40.1.1.2/[3 ]
4 40.1.1.2 100 ms Egress
<U-PE1> tracert vc vlan 100 control-word remote 200
TTL Replier Time Type Downstream
0 Ingress 10.1.1.2/[1025 ]
2 Request time out
4 40.1.1.2 130 ms Egress
To prevent PWE3 tracert attacks, configure the U-PE to filter MPLS Echo Request
packets according to the MAC addresses. The filtering rules are specified in an ACL.
For example, the following ACL on U-PE2 prevents U-PE1 from obtaining path
information about U-PE2 through the tracert vc command:
[U-PE2] acl 3001
[U-PE2-acl-adv-3001] rule deny udp source 1.1.1.9 0
[U-PE2-acl-adv-3001] quit
[U-PE2] lspv packet-filter 3001
With the filter applied, run the tracert vc command on U-PE1. U-PE1 can no longer
collect information about the egress PE of the PW. The display on U-PE1 is as follows:
<U-PE1> tracert vc vlan 100 control-word remote 200 full-lsp-path
TTL Replier Time Type Downstream
0 Ingress 10.1.1.2/[1025 ]
1 10.1.1.2 110 ms Transit 20.1.1.2/[3 ]
2 Request time out
3 30.1.1.2 60 ms Transit 40.1.1.2/[3 ]
4 Request time out
5 Request time out
6 Request time out
7 Request time out
<U-PE1> tracert vc vlan 100 control-word remote 200
TTL Replier Time Type Downstream
0 Ingress 10.1.1.2/[1025 ]
2 Request time out
4 Request time out
5 Request time out
6 Request time out
7 Request time out
Running the tracert vc command on U-PE2, however, still returns information about
the LSRs that the PW passes through from U-PE2 to U-PE1, as well as information about
the egress PE.
[U-PE2] tracert vc vlan 200 control-word remote 100 full-lsp-path
TTL Replier Time Type Downstream
0 Ingress 40.1.1.1/[1026 ]
1 40.1.1.1 120 ms Transit 30.1.1.1/[3 ]
2 Request time out
3 20.1.1.1 60 ms Transit 10.1.1.1/[3 ]
4 10.1.1.1 160 ms Egress
[U-PE2] tracert vc vlan 200 control-word remote 100
TTL Replier Time Type Downstream
0 Ingress 40.1.1.1/[1026 ]
2 Request time out
4 10.1.1.1 120 ms Egress
Run the display lspv configuration command on U-PE2 to view the configuration of
PWE3 tracert.
<U-PE2> display lspv configuration
lspv packet filter 3001
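To check that the filter took effect, the following added example (not part of the Huawei guide) parses the tracert vc output shown above and reports whether any hop identified itself as the egress PE. The function names and the row pattern are assumptions derived only from the output format printed on this page.

```python
import re

# One hop row: a TTL, then "Request time out" or [replier, time] type [downstream/[label]].
ROW = re.compile(
    r"^\s*(?P<ttl>\d+)\s+(?:(?P<timeout>Request time out)|"
    r"(?:(?P<replier>\d+(?:\.\d+){3})\s+(?P<ms>\d+)\s*ms\s+)?"
    r"(?P<type>Ingress|Transit|Egress)(?:\s+(?P<down>\S+/\[\s*\d+\s*\]))?)\s*$"
)

def parse_trace(text):
    """Return one dict per hop row; prompts and the header line are skipped."""
    return [m.groupdict() for m in map(ROW.match, text.splitlines()) if m]

def summarize(text):
    """Report which LSRs answered and whether the egress PE was disclosed."""
    hops = parse_trace(text)
    egress = [h["replier"] for h in hops if h["type"] == "Egress"]
    return {
        "egress": egress[0] if egress else None,
        "transit": [h["replier"] for h in hops if h["type"] == "Transit"],
        "timeouts": [int(h["ttl"]) for h in hops if h["timeout"]],
    }

def egress_hidden(text):
    """True when no hop identified itself as the egress PE."""
    return summarize(text)["egress"] is None

# Sample input: output copied from the traces printed on this page.
FILTERED_U_PE1 = """<U-PE1> tracert vc vlan 100 control-word remote 200 full-lsp-path
TTL Replier Time Type Downstream
0 Ingress 10.1.1.2/[1025 ]
1 10.1.1.2 110 ms Transit 20.1.1.2/[3 ]
2 Request time out
3 30.1.1.2 60 ms Transit 40.1.1.2/[3 ]
4 Request time out
5 Request time out
6 Request time out
7 Request time out"""
REVERSE_U_PE2 = """[U-PE2] tracert vc vlan 200 control-word remote 100 full-lsp-path
TTL Replier Time Type Downstream
0 Ingress 40.1.1.1/[1026 ]
1 40.1.1.1 120 ms Transit 30.1.1.1/[3 ]
2 Request time out
3 20.1.1.1 60 ms Transit 10.1.1.1/[3 ]
4 10.1.1.1 160 ms Egress"""

if __name__ == "__main__":
    for out in (FILTERED_U_PE1, REVERSE_U_PE2):
        print(summarize(out), "egress hidden:", egress_hidden(out))
```

The transit LSRs still answer in the filtered trace, so the ACL on U-PE2 hides only U-PE2 itself, as the output above shows.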
5 PWE3 Configuration
Quidway S9300 Terabit Routing Switch
Configuration Guide - VPN
5-58 Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Issue 03 (2009-08-20)