To get packets across a label switched path (LSP) through the MPLS network, all LSRs must run
a label distribution protocol and exchange label bindings.
LDP as four major function.
■ The discovery of LSRs that are running LDP
When two LSRs are running LDP and they share one or more links between them, they should
discover each other by means of Hello messages.
■ Session establishment and maintenance
Establish a session across a TCP connection. Across this TCP connection
■ Advertising of label mappings
LDP advertises the label mapping messages between the two LDP peers
■ Housekeeping by means of notification
LDP provides the means to notify the LDP neighbor of some advisory and error messages by sending notification messages
LDP Operation.
a label distribution protocol and exchange label bindings.
LDP as four major function.
■ The discovery of LSRs that are running LDP
When two LSRs are running LDP and they share one or more links between them, they should
discover each other by means of Hello messages.
■ Session establishment and maintenance
Establish a session across a TCP connection. Across this TCP connection
■ Advertising of label mappings
LDP advertises the label mapping messages between the two LDP peers
■ Housekeeping by means of notification
LDP provides the means to notify the LDP neighbor of some advisory and error messages by sending notification messages
LDP Operation.
- The Discovery of LSRs That Are Running LDP
LSRs that are
running LDP send LDP Hello messages on all links that are LDP enabled. These
are all the interfaces with mpls ip configured on them. First, however,
you must enable CEF with the global ip cef command.
*Jun 3 09:45:46.387: ldp: Sent init msg to
2.2.2.2:0 (pp 0x0)
*Jun 3 09:45:46.391: ldp: Sent keepalive msg to
2.2.2.2:0 (pp 0x0)
*Jun 3 09:45:46.627: %LDP-5-NBRCHG: LDP Neighbor
2.2.2.2:0 (1) is UP
R1(config-if)#
*Jun 3 09:45:46.639: ldp: Sent address msg to
2.2.2.2:0 (pp 0x6ACE80C8)
*Jun 3 09:45:46.643: ldp: Begin: Msg-Packing-5 to
2.2.2.2:0 (pp 0x6ACE80C8)
*Jun 3 09:45:46.647: ldp: Sent label mapping msg
to 2.2.2.2:0 (pp 0x6ACE80C8)
*Jun 3 09:45:46.647: ldp: Sent label mapping msg
to 2.2.2.2:0 (pp 0x6ACE80C8)
*Jun 3 09:45:46.651: ldp: Sent label mapping msg
to 2.2.2.2:0 (pp 0x6ACE80C8)
*Jun 3 09:45:46.651: ldp: Sent label mapping msg
to 2.2.2.2:0 (pp 0x6ACE80C8)
*Jun 3 09:45:46.655: ldp: Sent label mapping msg
to 2.2.2.2:0 (pp 0x6ACE80C8)
*Jun 3 09:45:46.659: ldp: End: Msg-Packing-5 to
2.2.2.2:0 (pp 0x6ACE80C8)
LDP Hello messages are UDP
messages that are sent on the links to the “all routers on this subnet” multicast
IP address—in other words, to the 224.0.0.2 group IP multicast address. The UDP
port used for LDP is 646.
To discover whether the
LSR sends and receives LDP Hellos, the
Hello interval, and the Hold time, use the show
mpls ldp discovery [detail] command
R1#sh mpls ldp discovery detail
Local LDP Identifier:
1.1.1.1:0
Discovery Sources:
Interfaces:
FastEthernet1/0 (ldp): xmit/recv
Enabled: Interface config
Hello interval:
5000 ms; Transport IP addr: 1.1.1.1
LDP Id: 2.2.2.2:0; no host route to
transport addr
Src IP addr: 192.168.0.2;
Transport IP addr: 2.2.2.2
Hold time: 15 sec;
Proposed local/peer: 15/15 sec
Reachable via 2.0.0.0/8
Password: not required, none, in
use
Clients: IPv4
************* R2
****************
R2#sh mpls ldp discovery
detail
Local LDP Identifier:
2.2.2.2:0
Discovery Sources:
Interfaces:
FastEthernet0/0 (ldp): xmit/recv
Enabled: Interface config
Hello interval: 5000 ms; Transport IP addr: 2.2.2.2
LDP Id: 3.3.3.3:0; no host route to transport addr
Src IP addr: 172.16.0.3;
Transport IP addr: 3.3.3.3
Hold time: 15 sec;
Proposed local/peer: 15/15 sec
Reachable via 3.0.0.0/8
Password: not required, none, in
use
Clients: IPv4
FastEthernet0/1 (ldp): xmit/recv
Enabled: Interface config
Hello interval: 5000 ms; Transport IP addr: 2.2.2.2
LDP Id: 1.1.1.1:0; no host route to
transport addr
Src IP addr: 192.168.0.1;
Transport IP addr: 1.1.1.1
Hold time: 15 sec; Proposed
local/peer: 15/15 sec
Reachable via 1.0.0.0/8
Password: not required, none, in
use
Clients: IPv4
R2#
The default value for the holdtime keyword is 15 seconds for link
Hello messages, and the default value for the interval keyword is 5 seconds
If the two LDP peers have
different LDP Hold times configured, the smaller of the two values is used as
the Hold time for that LDP discovery source
show mpls interfaces show which interfaces are running LDP,
R2#sh mpls interfaces
Interface IP Tunnel BGP Static Operational
FastEthernet0/0 Yes (ldp) No
No No Yes
FastEthernet0/1 Yes (ldp) No
No No Yes
LSRs that are running LDP
have an LDP Identifier, or LDP ID.
This LDP ID is a 6-byte field that consists of 4 bytes identifying the LSR
uniquely and 2 bytes identifying the label
space that the LSR is
using, as
Local LDP
Identifier:
2.2.2.2:0
last two bytes are 0, the label space is the
platform-wide or per-platform label space.
If they are
non-zero, a per-interface label space is used
LDP id can be changed as
R1(config)#mpls ldp
router-id fa1/0 force
R1#sh mpls ldp discovery
Local LDP Identifier:
192.168.0.1:0 earlier it was 1.1.1.1
Discovery Sources:
Interfaces:
FastEthernet1/0 (ldp): xmit/recv
LDP Id: 2.2.2.2:0; no host route
R1#
Earlier …..Local
LDP Identifier:
1.1.1.1:0
Discovery
Sources
In force keyword , immediately
LDP id get changed.
***The MPLS LDP
router ID needs to be present in the routing table of the LDP
neighboring routers,
If it is not, the LDP session is not formed.
LDP Session Establishment and Maintenance.
If two LSRs have discovered each other by
means of the LDP Hellos, they attempt to establish an LDP session between them.
One LSR tries to open a TCP connection—to TCP port 646—to the other LSR. If the
TCP connection is set up, both LSRs negotiate LDP session parameters by exchanging
LDP Initialization messages.
LDP negotiate on below parameter.
■ Timer values
■ Label distribution method
■ Virtual path identifier (VPI)/virtual
channel identifier (VCI) ranges for Label Controlled ATM (LC-ATM)
■ Data-link connection identifier (DLCI)
ranges for LC-Frame Relay
After the LDP session has been set up, it is
maintained by either the receipt of LDP packets or a periodic keepalive message.
Timers can be configured as
R1(config)#mpls ldp holdtime ?
<15-65535> Holdtime in
seconds
The local TCP port used is 46034, and the
remote TCP port used is 646. The session Hold time is 180 seconds, and the
LDP Neighbor Hold Time and KA Interval
R1#sh
mpls ldp neighbor 2.2.2.2 detail
Peer LDP Ident: 2.2.2.2:0; Local LDP Ident
192.168.0.1:0
TCP connection: 2.2.2.2.646 - 192.168.0.1.46034
Password: not required, none, in use
State: Oper; Msgs sent/rcvd: 12/11;
Downstream; Last TIB rev sent 25
Up time: 00:03:27; UID: 6; Peer Id 1;
LDP discovery sources:
FastEthernet1/0; Src IP addr: 192.168.0.2
holdtime: 15000 ms, hello interval:
5000 ms
Addresses bound to peer LDP Ident:
172.16.0.2 192.168.0.2 2.2.2.2
Peer holdtime: 180000 ms; KA interval: 60000 ms; Peer
state: estab
Capabilities Sent:
[Dynamic Announcement (0x0506)]
[Typed Wildcard (0x050B)]
Capabilities Received:
[Dynamic Announcement (0x0506)]
[Typed Wildcard (0x050B)]
Parameters can be confirmed by
R1#sh mpls ldp parameters
LDP
Feature Set Manager: State Initialized
……
Protocol
version: 1
Session hold time: 180 sec; keep alive
interval: 60 sec
Discovery hello: holdtime: 15 sec;
interval: 5 sec
Discovery
targeted hello: holdtime: 90 sec; interval: 10 sec
Downstream
on Demand max hop count: 255
LDP
for targeted sessions
LDP
initial/maximum backoff: 15/120 sec
LDP
loop detection: off
LDP tcp sessions use LDP id to establish
session but it can be changed with
mpls ldp discovery
transport-address {interface | ip-address}
This transport IP address is advertised in the LDP Hellos
that are sent on the
LDP-enabled interfaces.
Transport address must be accessible
R1(config)#int fa1/0
R1(config-if)#mpls ldp discovery
transport-address 11.11.11.11
R2(config)#int fa0/1
R2(config-if)#mpls ldp discovery
transport-address 22.22.22.22
R1#sh mpls ldp discovery detail
Local LDP
Identifier:
192.168.0.1:0
Discovery
Sources:
Interfaces:
FastEthernet1/0 (ldp): xmit/recv
Enabled: Interface config
Hello
interval: 5000 ms; Transport IP addr: 11.11.11.11
LDP Id:
2.2.2.2:0; no host route to transport addr
Src
IP addr: 192.168.0.2; Transport IP addr: 22.22.22.22
Hold
time: 15 sec; Proposed local/peer: 15/15 sec
Reachable
via 22.0.0.0/8
Password: not required, none, in use
Clients: IPv4
R1#
Advertising of Label Mappings
■ Unsolicited Downstream (UD) versus Downstream-on-Demand
(DoD) advertisement mode
■ Liberal Label Retention (LLR) versus Conservative Label
Retention (CLR) mode
■ Independent LSP Control versus Ordered LSP Control mode
LDP peer distributes the label bindings
unsolicited to its LDP peers.
However, the label bindings are a set of (LDP
Identifier, label) per prefix. An LDP router receives multiple label bindings
for each prefix—namely, one per LDP peer. All these label bindings are stored
in the LIB of the router.
only one label from all the advertised label
bindings from all the LDP neighbors of this
LSR should be used as outgoing label in the
LFIB for that prefix
bound addresses
label bindings
are advertised as (LDP Identifier, label) without the IP addresses of the
interfaces. This means that to find the outgoing label for a particular prefix,
you must map to the LDP Identifier the IP address of the interface—pointing
back to this LSR—on the downstream LSR. You can only do this if each LDP peer
advertises all its IP addresses. These IP addresses are advertised by the LDP
peer with Address messages and withdrawn with Withdraw Address messages.
They are called the bound addresses for
the LDP peer
R2#sh
mpls ldp nei detail
Peer
LDP Ident: 3.3.3.3:0; Local LDP Ident 2.2.2.2:0
TCP connection: 3.3.3.3.13426 -
2.2.2.2.646
Password: not required, none, in use
State: Oper; Msgs sent/rcvd: 726/724;
Downstream; Last TIB rev sent 33
Up time: 10:24:28; UID: 2; Peer Id 1;
LDP discovery sources:
FastEthernet0/0; Src IP addr:
172.16.0.3
holdtime: 15000 ms, hello interval:
5000 ms
Addresses bound to peer LDP Ident:
172.16.0.3 3.3.3.3
Peer holdtime: 180000 ms; KA interval:
60000 ms; Peer state: estab
.
.
.
Peer
LDP Ident: 192.168.0.1:0; Local LDP Ident 2.2.2.2:0
TCP connection: 11.11.11.11.646 -
22.22.22.22.35321
Password: not required, none, in use
State: Oper; Msgs sent/rcvd: 24/23;
Downstream; Last TIB rev sent 33
Up time: 00:12:11; UID: 8; Peer Id 0;
LDP discovery sources:
FastEthernet0/1; Src IP addr:
192.168.0.1
holdtime: 15000 ms, hello interval:
5000 ms
Addresses bound to peer LDP Ident:
1.1.1.1 192.168.0.1 11.11.11.11
Example of LIB
R2#sh mpls ldp bindings
lib entry: 1.0.0.0/8, rev 2
local binding: label: 16
remote binding: lsr: 3.3.3.3:0, label:
16
lib entry: 1.1.1.1/32, rev 30
remote binding: lsr: 192.168.0.1:0,
label: imp-null
lib entry: 2.0.0.0/8, rev 12
remote binding: lsr: 3.3.3.3:0, label:
17
remote binding: lsr: 192.168.0.1:0,
label: 16
lib entry: 2.2.2.2/32, rev 4
local binding: label: imp-null
lib entry: 3.0.0.0/8, rev 6
local binding: label: 17
remote binding: lsr: 192.168.0.1:0,
label: 17
lib entry: 3.3.3.3/32, rev 14
remote binding: lsr: 3.3.3.3:0, label:
imp-null
lib entry: 11.0.0.0/8, rev 29
local binding: label: 18
remote binding: lsr: 3.3.3.3:0, label:
19
lib entry: 11.11.11.11/32, rev 32
remote binding: lsr: 192.168.0.1:0,
label: imp-null
lib entry: 22.0.0.0/8, rev 33
remote binding: lsr: 192.168.0.1:0,
label: 19
remote binding: lsr: 3.3.3.3:0, label:
20
lib entry: 22.22.22.22/32, rev 27
local binding: label: imp-null
show mpls ip binding
The advantage of the command
show mpls ip binding is that it also shows which label from all possible remote
bindings is used to forward traffic by indicating inuse
R1# show mpls ip binding
1.0.0.0/8
out label: 16
lsr: 2.2.2.2:0
1.1.1.1/32
in label: imp-null
2.0.0.0/8
in label: 16
2.2.2.2/32
out label: imp-null
lsr: 2.2.2.2:0
3.0.0.0/8
in label: 17
out label: 17
lsr: 2.2.2.2:0 inuse
11.0.0.0/8
out label: 18
lsr: 2.2.2.2:0
11.11.11.11/32
in label: imp-null
22.0.0.0/8
in label: 19
22.22.22.22/32
out label: imp-null
lsr: 2.2.2.2:0
172.16.0.0/24
out label: imp-null lsr: 2.2.2.2:0
172.16.0.0/16
in label: 18
192.168.0.0/24
in label: imp-null
out label: imp-null
lsr: 2.2.2.2:0
R1#
Label binding for 3.0.0.0/24
in R1
R1#sh mpls ldp
bindings 3.0.0.0 255.0.0.0
lib entry: 3.0.0.0/8, rev 8
local binding: label: 17
remote binding: lsr: 2.2.2.2:0, label:
17
LDP Authentication
LDP sessions are TCP sessions. TCP sessions can be attacked by spoofed TCP segments. To protect LDP against such attacks, use Message Digest 5 (MD5) authentication.
LDP sessions are TCP sessions. TCP sessions can be attacked by spoofed TCP segments. To protect LDP against such attacks, use Message Digest 5 (MD5) authentication.
R1(config)#mpls ldp
neighbor 2.2.2.2 password cisco
*Jun
3 20:21:29.164: %TCP-6-BADAUTH: No MD5 digest from 22.22.22.22(29055) to
11.11.11.11(646)
R2(config)#mpls ldp
neighbor 192.168.0.1 password cisco
R1.
*Jun 3 20:22:48.216: %LDP-5-NBRCHG: LDP Neighbor
2.2.2.2:0 (1) is UP
11.0.0.0/8 is a prefix in R1
R2#sh mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 No Label 1.0.0.0/8 0 Fa0/1 192.168.0.1
17 No Label 3.0.0.0/8 0 Fa0/0 172.16.0.3
18 No Label 11.0.0.0/8 0 Fa0/1 192.168.0.1
R2#
Go To ..MPLS LDP binding filtering
Controlling the Advertisement of
Labels via LDP
LDP lets
you control the advertisement of labels. You can configure LDP to advertise or
not to advertise certain labels to certain LDP peers,
mpls ldp advertise-labels [vrf vpn-name] [interface
interface | for prefix-access-list [to peer-access-list]]
The prefix-access-list
is a standard numbered access list (1–99) or named access list that lets you specify
which prefixes should have a label advertised.
The peer-access-list
is a standard numbered access list (1–99) or named access list that lets you
specify which LDP peers should receive the label advertisements
Configuration….
We want to
stop label advertisement for 11.0.0.0/8 from R2 (2.2.2.2) to R3(3.3.3.3)
R2#sh mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 No Label 1.0.0.0/8 0 Fa0/1 192.168.0.1
17 No Label 3.0.0.0/8 0 Fa0/0 172.16.0.3
18 No Label 11.0.0.0/8 0 Fa0/1 192.168.0.1
R2#
Before the config ..11.0.0.0/8 has valid outgoing label
R3#sh mpls forwarding-table | in 11.0.0.0
19 18 11.0.0.0/8 0 Fa0/0 172.16.0.2
R3#
Applying the
configuration
In R2…
access-list 1 deny 11.0.0.0
access-list 1 permit any
to pair 3,3.3.3
access-list 2 permit 3.3.3.3
access-list 2 deny any
no mpls ldp advertise-labels
mpls ldp advertise-labels for 1 to 2
R3#sh mpls forwarding-table
Local
Outgoing Prefix Bytes Label Outgoing
Next Hop
Label
Label or Tunnel Id Switched interface
16 16 1.0.0.0/8 0 Fa0/0 172.16.0.2
17 No
Label 2.0.0.0/8 0
Fa0/0 172.16.0.2
18 Pop
Label 192.168.0.0/24 0
Fa0/0 172.16.0.2
19 No Label 11.0.0.0/8 0 Fa0/0 172.16.0.2
20 No
Label 22.0.0.0/8 0 Fa0/0 172.16.0.2
No valid outgoing label for 11.0.0.0/8
Go To ..MPLS LDP binding filtering
MPLS LDP-IGP Synchronization
The
synchonisation problem can occur when LSRs restart. The IGP can be quicker in
establishing the adjacencies than LDP can establish its sessions. This means
that the IGP forwarding is already happening before the LFIB has the necessary
information to start the correct label forwarding. The packets are incorrectly
forwarded (unlabeled) or dropped until the LDP session is established.The
solution is MPLS LDP-IGP Synchronization. This feature ensures that the link is
not used to forward (unlabeled) traffic when the LDP session across the link is
down. Rather, the traffic is forwarded out another link where the LDP session
is still established.
this can be enable by mpls ldp sync, and it is configured under the router process mainly in ospf.
continue with MPLS LDP Session Protection
No comments:
Post a Comment