When you configure MPLS to tunnel through a routing domain, it is difficult to route a fragmented packet to its source address; for example, when the IP addresses carried in a packet are private (not globally unique) and MPLS is used to tunnel the packets through a public backbone.
When you configure ICMP message tunneling, an Internet Control Message Protocol (ICMP) message is sent to the source of a packet. The label stack is copied from the original packet to the ICMP message. The ICMP message is then label switched across the network. This causes the message to go to the original packet destination, rather than its source. Unless the message is label switched all the way to the destination host, it ends up unlabeled in a router that does know the source of the original packet, at which point the message is sent in the proper direction.
ICMP message tunneling can be useful for debugging and tracing purposes if the message is an ICMP time exceeded message.
Gaurav Goel JNCIP-SP
To explain ICMP tunneling in MPLS, consider traceroute operation.
In normal traceroute, the node which sees the packets with TTL 0 will send the ICMP TTL expired message to the SRC.
But in an MPLS network, the routers in the middle don't have to know the routing information of the SRC/DST. They can be pure label switching routers (e.g. a BGP-free core). In that case, those routers won't be able to send the "TTL Expired" message directly to the SRC of the original packet.
To overcome this issue, the ICMP packet will be sent towards the DST through the LSP in which the original packet came, and the remote end of the LSP will get the ICMP packet which will be routed towards the SRC through another LSP.
Normal Trace Operation
MPLS Trace (ICMP Tunnelling) Operation
When SRC sends a packet with TTL=2, Router 2 will receive the labeled packet through an LSP (lsp R1-to-R4).
Router 2 will drop the original packet and generate an "ICMP TTL Expired" message with the destination IP of SRC and the labels of the original packet, and label-switch it along the original LSP (R1-to-R4).
The ICMP message will be label switched and reach Router 4, which will do a route lookup and send the ICMP packet towards SRC through an LSP (lsp R4-to-R1).
It has a use case while performing a traceroute (from the CE to CE or CE to destination PE): the TTL expired packets encountered by P nodes would be sent towards the destination CE (or PE) by copying the label stack along with a TTL of 255 (I believe) so that the destination can perform the routing back to the source CE. The ICMP error packet (TTL expired) generated by the P nodes would have information about the incoming interface, and hence would be reported in the traceroute output. Without "ICMP tunneling" these packets would get dropped at the P nodes since they won't have any information regarding the VPN destination.
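The R1-to-R4 walk-through from the replies above, as an added toy model that is not part of any post in this thread: it traces which hops answer a traceroute with and without ICMP tunneling and the path each ICMP message takes. The router names follow the thread; the route table, the assumption that a probe with TTL=n expires at Rn, and the function names are constructed for illustration.

```python
# Added illustration: toy model of traceroute across a label-switched core.
# Router names follow the thread; everything else is constructed.
LSP_R1_TO_R4 = ["R1", "R2", "R3", "R4"]   # LSP carrying the probe towards DST
LSP_R4_TO_R1 = ["R4", "R3", "R2", "R1"]   # LSP used for traffic back to SRC
HAS_ROUTE_TO_SRC = {"R1", "R4"}           # assumption: R2/R3 are label-only P routers


def icmp_return_path(node, icmp_tunneling):
    """Hops an ICMP time exceeded message crosses from `node` to SRC,
    or None when the node has no way to deliver it."""
    if node in HAS_ROUTE_TO_SRC:
        # Edge routers know SRC and can route the message back directly.
        idx = LSP_R4_TO_R1.index(node)
        return LSP_R4_TO_R1[idx:] + ["SRC"]
    if not icmp_tunneling:
        return None  # P router has no route to SRC, so the message is dropped
    # Copy the probe's label stack and keep label switching to the LSP egress.
    idx = LSP_R1_TO_R4.index(node)
    forward = LSP_R1_TO_R4[idx:]
    # The egress router does the route lookup and uses the return LSP.
    return forward + LSP_R4_TO_R1[1:] + ["SRC"]


def traceroute(icmp_tunneling):
    """Return {ttl: (responder, return_path)}; None marks a silent hop."""
    result = {}
    for ttl, node in enumerate(LSP_R1_TO_R4, start=1):
        # Assumption: the probe with TTL=n expires at router Rn.
        path = icmp_return_path(node, icmp_tunneling)
        result[ttl] = (node, path) if path else None
    return result


if __name__ == "__main__":
    for enabled in (False, True):
        print("ICMP tunneling on" if enabled else "ICMP tunneling off")
        for ttl, hop in traceroute(enabled).items():
            shown = "*" if hop is None else f"{hop[0]} via {' > '.join(hop[1])}"
            print(f"  ttl={ttl}: {shown}")
```

With tunneling on, the replies from R2 and R3 first travel forward to R4 before turning back, so their round-trip times in a real traceroute include the rest of the LSP.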