Routing & Switching

Hi Rene,

1. I have a Printer/ATM in Customer network which is connected with MPLS.
2. MPLS is connected with Cisco1 Router
3. Cisco1 router is connected with Cisco2 Router
4. Cisco2 Router is connected with Cisco Firewall
5. Cisco Firewall is connected with another MPLS
6. And finally this MPLS is connected with Printer/ATM Application Server

Now, how to check complete routing path from Printer/ATM (private network) to Printer/ATM Application server (public network)

Regards,
Manami

Hi Manami,

Traceroute is the way to go. However, your ISP might prevent you from seeing all hops. They might filter traceroute to hide some routers or in MPLS, hide their P routers. Here’s a quick example for this network:

When I do a traceroute, I can see all devices:

CE1#traceroute 5.5.5.5 source 1.1.1.1
Type escape sequence to abort.
Tracing the route to 5.5.5.5
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.12.2 7 msec 5 msec 6 msec
  2 192.168.23.3 [MPLS: Labels 17/19 Exp 0] 11 msec 10 msec 15 msec
  3 192.168.45.4 [MPLS: Label 19 Exp 0] 10 msec 11 msec 7 msec
  4 192.168.45.5 9 msec 10 msec * 

Now, let’s hide the P router. We do this by disabling TTL propagation:

PE1, P, PE2
(config)#no mpls ip propagate-ttl

Let’s do another traceroute:

CE1#traceroute 5.5.5.5 source 1.1.1.1
Type escape sequence to abort.
Tracing the route to 5.5.5.5
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.12.2 5 msec 4 msec 5 msec
  2 192.168.45.4 [MPLS: Label 19 Exp 0] 5 msec 8 msec 6 msec
  3 192.168.45.5 9 msec 11 msec * 

I can see the enter and exit point (the PE routers) but the P router remains invisible. As you can see, it can be difficult to see the exact path through your provider network(s)…

Rene

Thanks Rene.

Can I check the same routing path using sh ip route / next hop?

If it is possible then how I can reach from Customer Network to my Company network.

E.G. Customer managed device > ISP (MPLS) > Company R1 > Company R2 (R-VRF and L-VRF) > ASA > Company MPLS > Company R3 > Serveres

Say, ATM Server is not working which is connected on Company R3 Router (source is Customer PC situated on Customer site)

Customer PC has Private IP mapped with NAT IP
ATM Server has Public IP

How I can do troubleshooting or how I can check –

1. Customer PC is advertising properly and reaching to Server
2. Server is responding back and hitting Customer PC

Thanks
Manami

Hi Manami,

Traceroute tells you the routing path but it doesn’t help to troubleshoot connectivity issues. If you want to fix an issue where your PC can’t reach that server, there’s a couple of things you can check. You have a lot of devices in between and you probably don’t have access to all of them. There could be some routing issues or your ASA might block some traffic.

Here are some things to check, step-by-step:

- On your “customer managed device” (is that a router? ASA?) you can check:

• If you have a default route to the ISP.
• If you can ping something on the Internet, that proves your routing is working.
• If you have a route for the subnet where the ATM server is.
• If you can ping anything else on the subnet where the ATM server is.
  - On the customer PC:
• Check if your default gateway is configured correctly.
• Check if you can ping anything on the Internet, this proves that your default gateway works and that NAT is working.
• Check if you can reach anything else on the subnet of the ATM server.

- On the ATM server you can check:

• If your default gateway is configured correctly.
• If you can reach anything on the Internet, that proves your routing is working.

All steps above help to troubleshoot routing issues and you can verify if your routing is configured correctly. That ASA, however, can mess things up…once you believe your routing is configured correctly, look in the ASA to see if the actual traffic from your PC > ATM server is permitted to go through.

Hope this helps!

Rene

Hi Rene,

Thank you.

It’s so much helpful and nice document.

Regards,
Manami