Network Enhancers - "Delivering Beyond Boundaries"

Monday, January 3, 2011

MPLS LDP Inbound Label Binding Filtering


Multiprotocol Label Switching (MPLS) Label Distribution Protocol (LDP) supports inbound label binding filtering. You can use the MPLS LDP feature to configure access control lists (ACLs) for controlling the label bindings a label switch router (LSR) accepts from its peer LSRs.

Why and where do we use this feature?

The MPLS LDP Inbound Label Binding Filtering feature may be used to control the amount of memory used to store LDP label bindings advertised by other routers.

For example, in a simple MPLS Virtual Private Network (VPN) environment, the VPN provider edge (PE) routers may require LSPs only to their peer PE routers (that is, they do not need LSPs to core routers). Inbound label binding filtering enables a PE router to accept labels only from other PE routers.

Restrictions


Inbound label binding filtering does not support extended ACLs; it only supports standard ACLs.


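The following example configures standard ACL 1 and applies it to the label bindings accepted from LDP neighbor 10.12.12.12:

Router# configure terminal
Router(config)# ip access-list standard 1
Router(config-std-nacl)# permit 10.0.0.0 0.0.0.255
Router(config-std-nacl)# exit
Router(config)# mpls ldp neighbor 10.12.12.12 labels accept 1
Router(config)# end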

Following is sample output from the show mpls ldp neighbor command.

Router# show mpls ldp neighbor 10.12.12.12 detail
    Peer LDP Ident: 10.12.12.12:0; Local LDP Ident 10.13.13.13:0
        TCP connection: 10.12.12.12.646 - 10.13.13.13.12592
        State: Oper; Msgs sent/rcvd: 49/45; Downstream; Last TIB rev sent 1257
        Up time: 00:32:41; UID: 1015; Peer Id 0;
        LDP discovery sources:
          Serial1/0; Src IP addr: 25.0.0.2
            holdtime: 15000 ms, hello interval: 5000 ms
        Addresses bound to peer LDP Ident:
          10.0.0.129       10.12.12.12     10.0.0.2
        Peer holdtime: 180000 ms; KA interval: 60000 ms; Peer state: estab
        LDP inbound filtering accept acl: 1

Router# show ip access 1
Standard IP access list 1
    permit 10.0.0.0, wildcard bits 0.0.0.255 (1 match)


Enter the show mpls ldp bindings command to verify that the LSR has remote bindings only from a specified peer for prefixes permitted by the access list.
 
Router# show mpls ldp bindings
  tib entry: 10.0.0.0/8, rev 4
        local binding:  tag: imp-null
  tib entry: 10.2.0.0/16, rev 1137
        local binding:  tag: 16
  tib entry: 10.2.0.0/16, rev 1139
        local binding:  tag: 17
  tib entry: 10.12.12.12/32, rev 1257
        local binding:  tag: 18
  tib entry: 10.13.13.13/32, rev 14
        local binding:  tag: imp-null
  tib entry: 10.10.0.0/16, rev 711
        local binding:  tag: imp-null
  tib entry: 10.0.0.0/8, rev 1135
        local binding:  tag: imp-null
        remote binding: tsr: 12.12.12.12:0, tag: imp-null
  tib entry: 10.0.0.0/8, rev 8
        local binding:  tag: imp-null
Router#
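The verification step above can be automated. The following Python script is an added example, not part of the original post or of any Cisco tooling: it parses show mpls ldp bindings output and reports remote bindings from the filtered peer whose prefix standard ACL 1 does not permit. The function names are hypothetical, the last remote binding in the sample is constructed, and it assumes the standard ACL is matched against the prefix's network address only.

```python
import ipaddress
import re
# Standard ACL 1 as shown by "show ip access 1" on this page: (action, address, wildcard).
ACL_1 = [("permit", "10.0.0.0", "0.0.0.255")]

# Sample "show mpls ldp bindings" text taken from the page, except the last
# remote binding (tag 21), which is constructed to show a filter miss.
SAMPLE = """\
tib entry: 10.2.0.0/16, rev 1137
      local binding:  tag: 16
tib entry: 10.0.0.0/8, rev 1135
      local binding:  tag: imp-null
      remote binding: tsr: 12.12.12.12:0, tag: imp-null
tib entry: 10.12.12.12/32, rev 1257
      local binding:  tag: 18
      remote binding: tsr: 12.12.12.12:0, tag: 21
"""

def acl_permits(acl, addr):
    """First-match evaluation of a standard ACL, with the implicit deny at the end."""
    a = int(ipaddress.IPv4Address(addr))
    for action, base, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF  # bits that must match
        if (a ^ int(ipaddress.IPv4Address(base))) & care == 0:
            return action == "permit"
    return False

def parse_remote_bindings(text):
    """Return (prefix, peer, label) for every remote binding in the output."""
    found, prefix = [], None
    for line in text.splitlines():
        entry = re.match(r"\s*tib entry: (\S+), rev \d+", line)
        remote = re.match(r"\s*remote binding: tsr: (\S+), tag: (\S+)", line)
        if entry:
            prefix = entry.group(1)
        elif remote and prefix:
            found.append((prefix, remote.group(1), remote.group(2)))
    return found

def audit(text, acl, peer):
    """Remote bindings learned from `peer` whose prefix the ACL does not permit.
    Assumption: the ACL is matched against the prefix's network address only."""
    net = lambda p: str(ipaddress.ip_network(p, strict=False).network_address)
    return [b for b in parse_remote_bindings(text)
            if b[1] == peer and not acl_permits(acl, net(b[0]))]

if __name__ == "__main__":
    for prefix, peer, label in audit(SAMPLE, ACL_1, "12.12.12.12:0"):
        print(f"unexpected binding: {prefix} label {label} from {peer}")
```

An empty result for the filtered peer means every remote binding it contributed falls inside the ACL; any entry returned points to a filter that is missing, misapplied, or configured after the bindings were learned.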
 
