
what does "icmp tunneling" mean in mpls vpn

‎10-18-2012 07:00 AM
It is appreciated if you can make a simple diagram to show me this.
JNCIE-SP/JNCIP-SEC/CCNP

Re: what does "icmp tunneling" mean in mpls vpn

‎10-18-2012 09:19 PM

 

hi,

 

When you configure MPLS to tunnel through a routing domain, it is difficult to route a fragmented packet to its source address; for example, when the IP addresses carried in a packet are private (not globally unique) and MPLS is used to tunnel the packets through a public backbone.

When you configure ICMP message tunneling, an Internet Control Message Protocol (ICMP) message is sent to the source of a packet. The label stack is copied from the original packet to the ICMP message. The ICMP message is then label switched across the network. This causes the message to go to the original packet destination, rather than its source. Unless the message is label switched all the way to the destination host, it ends up unlabeled in a router that does know the source of the original packet, at which point the message is sent in the proper direction.

ICMP message tunneling can be useful for debugging and tracing purposes if the message is an ICMP time exceeded message.

 

 

 

Gaurav Goel
JNCIP-SP

Re: what does "icmp tunneling" mean in mpls vpn

‎10-19-2012 12:22 AM

 Hi,

To explain ICMP tunneling in MPLS, consider traceroute operation. 

In normal traceroute, the node which sees the packets with TTL 0 will send the ICMP TTL expired message to the SRC.

 

But in an MPLS network, the routers in the middle don't have to know the routing information of the SRC/DST. They can be pure label switching routers (e.g. a BGP-free core). In that case, those routers won't be able to send the "TTL Expired" message directly to the SRC of the original packet.

 

To overcome this issue,  the ICMP packet will be sent towards the DST through the LSP in which the original packet came, and the remote end of the LSP will get the ICMP packet which will be routed towards the SRC through another LSP.

 

Normal Trace Operation

[Image: IP Trace]

MPLS Trace (ICMP Tunnelling) Operation

[Image: MPLS Trace]


 Ex -

When SRC sends a packet with TTL=2, Router 2 will receive the labeled packet through an LSP (lsp R1-to-R4).

Router 2 will drop the original packet and generate an "ICMP TTL Expired" message with the destination IP of SRC and the labels of the original packet, and label-switch it along the original LSP (R1-to-R4).

The ICMP message will be label-switched and reach Router 4, and it will do a route lookup and send the ICMP packet towards SRC through an LSP (lsp R4-to-R1).

 

 

 

 


Re: what does "icmp tunneling" mean in mpls vpn

‎10-19-2012 12:50 AM
Woooo, also R4 should know the route of SRC, right? It means R1 needs to advertise its VRF interface to peer R4 (PE), right?
JNCIE-SP/JNCIP-SEC/CCNP
Solution
Accepted by topic author Robbie
‎08-26-2015 01:27 AM

Re: what does "icmp tunneling" mean in mpls vpn

‎10-19-2012 01:00 AM

Hi,

 

R1 and R4 will be PEs which will have routing information via MP-BGP and PE-CE protocols.

 

Regards,

Moses N


Re: what does "icmp tunneling" mean in mpls vpn

‎01-19-2013 09:45 AM

Good explanation, many thanks Moses.


@mosesnehru wrote:

Hi,

 

R1 and R4 will be PEs which will have routing information via MP-BGP and PE-CE protocols.

 

Regards,

Moses N


 


Re: what does "icmp tunneling" mean in mpls vpn

‎06-17-2019 11:14 PM

Hi,

 

The core provider routers will not be able to get any routing update, because they have label information only. So to make core routers learn routing information, ICMP tunneling is used.

 

Regards,

Abhay  


Re: what does "icmp tunneling" mean in mpls vpn

‎06-17-2019 11:41 PM

This has a use case while performing a traceroute (from CE to CE, or from CE to the destination PE): the TTL-expired packets encountered by P nodes would be sent towards the destination CE (or PE) by copying the label stack along with a TTL of 255 (I believe), so that the destination can perform the routing back to the source CE. The ICMP error packet (TTL expired) generated by the P nodes would have information about the incoming interface, and hence would be reported in the traceroute output. Without "icmp tunneling" these packets would get dropped at the P nodes, since they won't have any information regarding the VPN destination.
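
The traceroute behaviour described in the replies above, modelled as an added example that is not part of the original thread and is not vendor code. It assumes the R1-R2-R3-R4 topology from the thread, with R2 and R3 as label-only P routers; the function names and data layout are made up for illustration, and penultimate-hop popping is ignored.

```python
# Constructed model of the thread's topology: SRC - R1 (PE) - R2 (P) - R3 (P) - R4 (PE) - DST.
# lsp R1-to-R4 carries traffic from SRC towards DST.
LSP_R1_TO_R4 = ["R1", "R2", "R3", "R4"]

# Only the PEs can do an IP lookup for SRC (learned via MP-BGP / PE-CE routing).
# Value = hops the ICMP message takes from that PE back to SRC.
ROUTE_TO_SRC = {
    "R1": ["SRC"],                    # ingress PE, directly attached side
    "R4": ["R3", "R2", "R1", "SRC"],  # egress PE, returns over lsp R4-to-R1
}


def icmp_reply_path(router, icmp_tunneling):
    """Hops taken by the ICMP TTL-expired message generated at `router`.

    Returns None when the message is dropped because the router has no
    route to SRC and ICMP tunneling is not in use.
    """
    path = [router]
    if router not in ROUTE_TO_SRC:          # P router: label table only
        if not icmp_tunneling:
            return None                     # cannot route towards SRC
        # Copy the label stack of the expired packet and keep label-switching
        # along the original LSP until the egress PE is reached.
        idx = LSP_R1_TO_R4.index(router)
        path += LSP_R1_TO_R4[idx + 1:]
        router = path[-1]
    # A PE does a route lookup and sends the message towards SRC.
    return path + ROUTE_TO_SRC[router]


def traceroute(icmp_tunneling):
    """What SRC sees per TTL: the router name, or '*' if its reply was lost."""
    hops = []
    for ttl, router in enumerate(LSP_R1_TO_R4, start=1):
        reply = icmp_reply_path(router, icmp_tunneling)
        hops.append((ttl, router if reply else "*"))
    return hops


if __name__ == "__main__":
    for enabled in (False, True):
        print("icmp tunneling", "on " if enabled else "off", traceroute(enabled))
    print("TTL=2 reply path:", " -> ".join(icmp_reply_path("R2", True)))
```

With tunneling on, the reply from R2 travels forward to R4 before returning, so the round-trip time reported for P hops includes the rest of the LSP.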