Wednesday, September 26, 2012

MPLS LAB1: LDP Adjacency. Part II.


Topics:

  • Targeted LDP session
  • Targeted LDP session hello/holdtime interval modification
  • Targeted Sessions with the accept from ACL.
  • Label Advertisement control outbound, inbound.
  • LDP Session Protection. 
Gear Specs: 

Everything is running on a Dell Latitude with 8 GB of RAM and a Core i7 2640 (2.8 GHz) on Linux Mint (Debian edition).

Platform: 4x Dynamips/GNS3 emulated 3750 with 128 MB of RAM (each) running IOS C3745-ADVENTERPRISEK9-M version 12.4(25d).


Topology:





In the first part of the lab we tested the main LDP adjacency components:

  • LDP adjacencies and verification.
  • Hello/Holdtime interval modification.
  • LDP autoconfig.
  • LDP authentication.
Part I final configs:

P1:

!         
mpls ldp discovery hello interval 10
mpls ldp discovery hello holdtime 30
!
!
!         
!
!
interface Loopback0
 ip address 10.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 description Link_to_P2
 ip address 10.0.12.1 255.255.255.248
 ip ospf network point-to-point
!
interface Serial0/0
 description 2d_link_to_P2
 ip address 10.100.200.1 255.255.255.252
 no fair-queue
 clock rate 2000000
!
!
!
router ospf 1
 mpls ldp autoconfig area 0
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!

P2:


hostname P2
!
!
!
!
!
mpls ldp discovery hello interval 10
mpls ldp discovery hello holdtime 30
!
!
!
interface Loopback0
 ip address 10.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 description Link_to_P1
 ip address 10.0.12.2 255.255.255.248
 ip ospf network point-to-point
!
interface Serial0/0
 description 2d_link_to_P1
 ip address 10.100.200.2 255.255.255.252
 no fair-queue
 clock rate 2000000
!
interface FastEthernet0/1
 description Link_To_P3
 ip address 10.0.23.2 255.255.255.248
 ip ospf network point-to-point
!
!
!
!
router ospf 1
 mpls ldp autoconfig area 0
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!

P3:

!
hostname P3
!
!
mpls ldp neighbor 10.4.4.4 password cisco123
!
!
!
!
!         
!
!
interface Loopback0
 ip address 10.3.3.3 255.255.255.255
!
interface FastEthernet0/0
 description Link_to_P4
 ip address 10.0.34.3 255.255.255.248
 ip ospf network point-to-point
 mpls ip
!
!
interface FastEthernet0/1
 description Link_To_P2
 ip address 10.0.23.3 255.255.255.248
 ip ospf network point-to-point
 mpls ip
!
!
!
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!

P4:

hostname P4
!
!
!
mpls ldp neighbor 10.3.3.3 password cisco123
!
!
!
!
interface Loopback0
 ip address 10.4.4.4 255.255.255.255
!
interface FastEthernet0/0
 description Link_To_P3
 ip address 10.0.34.4 255.255.255.248
 ip ospf network point-to-point
 mpls ip
!
!
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!

Configuring a Targeted LDP session.

Let's say we need to establish an LDP peering between P1 and P4 for some obscure TE requirement. As we can see, P1 is not directly connected to P4; this is where a targeted LDP session comes in.

The command to configure a targeted LDP session is mpls ldp neighbor <neighbor ID> targeted <ldp|tdp>, and it is configured on both routers.

So now let's configure a targeted LDP session between P1 and P4:

P1(config)#mpls ldp neighbor 10.4.4.4 targeted ldp 

P4(config)#mpls ldp neighbor 10.1.1.1 targeted ldp

After configuring it on both sides we see the notification message indicating that the adjacency is up:

*Mar  1 01:23:08.035: %LDP-5-NBRCHG: LDP Neighbor 10.4.4.4:0 (2) is UP

We can verify the adjacency with the normal commands:

P1#sh mpls ldp neighbor 
    Peer LDP Ident: 10.2.2.2:0; Local LDP Ident 10.1.1.1:0
TCP connection: 10.2.2.2.19560 - 10.1.1.1.646
State: Oper; Msgs sent/rcvd: 71/71; Downstream
Up time: 00:52:50
LDP discovery sources:
 Serial0/0, Src IP addr: 10.100.200.2
 FastEthernet0/0, Src IP addr: 10.0.12.2
        Addresses bound to peer LDP Ident:
          10.0.12.2       10.100.200.2    10.0.23.2       10.2.2.2        
    Peer LDP Ident: 10.4.4.4:0; Local LDP Ident 10.1.1.1:0
TCP connection: 10.4.4.4.22964 - 10.1.1.1.646
State: Oper; Msgs sent/rcvd: 11/12; Downstream
Up time: 00:00:48
LDP discovery sources:
 Targeted Hello 10.1.1.1 -> 10.4.4.4, active, passive
        Addresses bound to peer LDP Ident:
          10.0.34.4       10.4.4.4 

P1#show mpls ldp discovery 
 Local LDP Identifier:
    10.1.1.1:0
    Discovery Sources:
    Interfaces:
FastEthernet0/0 (ldp): xmit/recv
   LDP Id: 10.2.2.2:0
Serial0/0 (ldp): xmit/recv
   LDP Id: 10.2.2.2:0
    Targeted Hellos:
10.1.1.1 -> 10.4.4.4 (ldp): active/passive, xmit/recv
   LDP Id: 10.4.4.4:0


We can see the difference between an adjacent session and a targeted one: in both outputs the targeted session is discovered through targeted hellos rather than through an interface.

Targeted LDP session hello/holdtime interval modification.

Now let's say that we need a short hello/holdtime interval for some reason. This is pretty straightforward and similar to modifying the intervals for an adjacent peering.

To determine the current values:

P1#show mpls ldp parameters 
Protocol version: 1
Downstream label generic region: min label: 16; max label: 100000
Session hold time: 180 sec; keep alive interval: 60 sec
Discovery hello: holdtime: 30 sec; interval: 10 sec
Discovery targeted hello: holdtime: 90 sec; interval: 10 sec
Downstream on Demand max hop count: 255
Downstream on Demand Path Vector Limit: 255
LDP for targeted sessions
LDP initial/maximum backoff: 15/120 sec
LDP loop detection: off

P4#sh mpls ldp parameters 
Protocol version: 1
Downstream label generic region: min label: 16; max label: 100000
Session hold time: 180 sec; keep alive interval: 60 sec
Discovery hello: holdtime: 15 sec; interval: 5 sec
Discovery targeted hello: holdtime: 90 sec; interval: 10 sec
Downstream on Demand max hop count: 255
Downstream on Demand Path Vector Limit: 255
LDP for targeted sessions
LDP initial/maximum backoff: 15/120 sec
LDP loop detection: off


We can see that both routers are using the default values for targeted hellos (hello = 10, holdtime = 90). We are going to modify these values to hello = 5, holdtime = 15.

P1(config)#mpls ldp discovery targeted-hello interval 5
P1(config)#mpls ldp discovery targeted-hello holdtime 15

P4(config)#mpls ldp discovery targeted-hello interval 5
P4(config)#mpls ldp discovery targeted-hello holdtime 15


Now on to verifying the changes:

P1#sh mpls ldp parameters 
Protocol version: 1
Downstream label generic region: min label: 16; max label: 100000
Session hold time: 180 sec; keep alive interval: 60 sec
Discovery hello: holdtime: 30 sec; interval: 10 sec
Discovery targeted hello: holdtime: 15 sec; interval: 5 sec
Downstream on Demand max hop count: 255
Downstream on Demand Path Vector Limit: 255
LDP for targeted sessions
LDP initial/maximum backoff: 15/120 sec
LDP loop detection: off


P4#sh mpls ldp parameters 
Protocol version: 1
Downstream label generic region: min label: 16; max label: 100000
Session hold time: 180 sec; keep alive interval: 60 sec
Discovery hello: holdtime: 15 sec; interval: 5 sec
Discovery targeted hello: holdtime: 15 sec; interval: 5 sec
Downstream on Demand max hop count: 255
Downstream on Demand Path Vector Limit: 255
LDP for targeted sessions
LDP initial/maximum backoff: 15/120 sec
LDP loop detection: off


Verifying targeted adjacency is still up:

P1#sh mpls ldp neighbor 
    Peer LDP Ident: 10.2.2.2:0; Local LDP Ident 10.1.1.1:0
TCP connection: 10.2.2.2.19560 - 10.1.1.1.646
State: Oper; Msgs sent/rcvd: 88/89; Downstream
Up time: 01:08:39
LDP discovery sources:
 Serial0/0, Src IP addr: 10.100.200.2
 FastEthernet0/0, Src IP addr: 10.0.12.2
        Addresses bound to peer LDP Ident:
          10.0.12.2       10.100.200.2    10.0.23.2       10.2.2.2        
    Peer LDP Ident: 10.4.4.4:0; Local LDP Ident 10.1.1.1:0
TCP connection: 10.4.4.4.22964 - 10.1.1.1.646
State: Oper; Msgs sent/rcvd: 30/30; Downstream
Up time: 00:16:37
LDP discovery sources:
 Targeted Hello 10.1.1.1 -> 10.4.4.4, active, passive
        Addresses bound to peer LDP Ident:
          10.0.34.4       10.4.4.4        


P4#sh mpls ldp neighbor 
    Peer LDP Ident: 10.3.3.3:0; Local LDP Ident 10.4.4.4:0
TCP connection: 10.3.3.3.646 - 10.4.4.4.50451
State: Oper; Msgs sent/rcvd: 64/64; Downstream
Up time: 00:46:53
LDP discovery sources:
 FastEthernet0/0, Src IP addr: 10.0.34.3
        Addresses bound to peer LDP Ident:
          10.0.34.3       10.0.23.3       10.3.3.3        
    Peer LDP Ident: 10.1.1.1:0; Local LDP Ident 10.4.4.4:0
TCP connection: 10.1.1.1.646 - 10.4.4.4.22964
State: Oper; Msgs sent/rcvd: 31/31; Downstream
Up time: 00:17:25
LDP discovery sources:
 Targeted Hello 10.4.4.4 -> 10.1.1.1, active, passive
        Addresses bound to peer LDP Ident:
          10.0.12.1       10.100.200.1    10.1.1.1        


Targeted Sessions with the accept from ACL.

Let's say we have a case in which we cannot configure the mpls ldp targeted command on one of the routers. We can still bring up the targeted session by using mpls ldp discovery targeted-hello accept {from acl} on the router on which we cannot use the other command.

First we need to unconfigure the targeted session we built.

P4(config)#no mpls ldp neighbor 10.1.1.1 targeted ldp 

Next we'll configure the accept from command.

P4(config)#access-list 2 permit host 10.1.1.1
P4(config)#no mpls ldp neighbor 10.1.1.1 targeted ldp 
P4(config)#mpls ldp discovery targeted-hello accept from 2

Here we configured an ACL that matches only host P1, so the only peer that can build the targeted LDP session is P1. Next is the accept command, which references the ACL we just created.

Verifying:

P4#sh mpls ldp neighbor | begin 10.1.1.1:0
    Peer LDP Ident: 10.1.1.1:0; Local LDP Ident 10.4.4.4:0
TCP connection: 10.1.1.1.646 - 10.4.4.4.22183
State: Oper; Msgs sent/rcvd: 13/13; Downstream
Up time: 00:02:06
LDP discovery sources:
 Targeted Hello 10.4.4.4 -> 10.1.1.1, passive
        Addresses bound to peer LDP Ident:
          10.0.12.1       10.100.200.1    10.1.1.1        
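
An offline check for the LDP commands used in this lab, as an added example (not part of the original post): it reads a router config and reports ACL numbers that an LDP command references but the config never defines, targeted-hello accept without an ACL, and targeted neighbors that have no mpls ldp neighbor ... password line. The sample config and the name audit_ldp_config are constructed for illustration.

```python
import re

# Constructed sample that combines the P4 commands from this lab (not a device dump).
SAMPLE_P4 = """\
hostname P4
mpls ldp neighbor 10.3.3.3 password cisco123
mpls ldp neighbor 10.1.1.1 targeted ldp
mpls ldp neighbor 10.3.3.3 labels accept 23
mpls ldp discovery targeted-hello accept from 1
access-list 2 permit host 10.1.1.1
access-list 23 permit 10.3.3.0 0.0.0.255
"""

ACL_DEF = re.compile(r"access-list (\d+) (?:permit|deny)\b")
ACL_REF = re.compile(
    r"mpls ldp (?:discovery targeted-hello accept from"
    r"|neighbor \S+ labels accept"
    r"|advertise-label for"
    r"|session protection for) (\d+)")
TARGETED = re.compile(r"mpls ldp neighbor (\S+) targeted\b")
PASSWORD = re.compile(r"mpls ldp neighbor (\S+) password \S+")
ACCEPT_ANY = re.compile(r"mpls ldp discovery targeted-hello accept$")


def audit_ldp_config(text):
    """Return sorted (check, detail) findings for one router's config text."""
    defined, referenced, targeted, authed = set(), set(), set(), set()
    findings = set()
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("no "):
            continue  # negated commands configure nothing
        if m := ACL_DEF.match(line):
            defined.add(m.group(1))
        elif m := ACL_REF.match(line):
            referenced.add(m.group(1))
        elif m := TARGETED.match(line):
            targeted.add(m.group(1))
        elif m := PASSWORD.match(line):
            authed.add(m.group(1))
        elif ACCEPT_ANY.match(line):
            findings.add(("accept-any", "targeted hellos accepted from any source"))
    # An LDP filter that points at an ACL number with no entries is not the intended filter.
    for acl in referenced - defined:
        findings.add(("undefined-acl", f"ACL {acl} is referenced but not defined"))
    # Part I protected the P3-P4 session with a password; targeted peers need one too.
    for peer in targeted - authed:
        findings.add(("no-password", f"targeted peer {peer} has no LDP password"))
    return sorted(findings)


if __name__ == "__main__":
    for check, detail in audit_ldp_config(SAMPLE_P4):
        print(f"{check}: {detail}")
```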


Label Advertisement control outbound, inbound.


OK, for now let's say we want to filter some labels from arriving at P4. First we need to see which labels we are receiving.


P4#sh mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop  
tag    tag or VC   or Tunnel Id      switched   interface            
16     16          10.0.12.0/29      0          Fa0/0      10.0.34.3  
17     Pop tag     10.0.23.0/29      0          Fa0/0      10.0.34.3  
18     17          10.1.1.1/32       0          Fa0/0      10.0.34.3  
19     18          10.2.2.2/32       0          Fa0/0      10.0.34.3  
20     Pop tag     10.3.3.3/32       0          Fa0/0      10.0.34.3  
21     19          10.100.200.0/30   0          Fa0/0      10.0.34.3  

P4#sh mpls ldp bindings     
  tib entry: 10.0.12.0/29, rev 6
local binding:  tag: 16
remote binding: tsr: 10.3.3.3:0, tag: 16
remote binding: tsr: 10.1.1.1:0, tag: imp-null
  tib entry: 10.0.23.0/29, rev 8
local binding:  tag: 17
remote binding: tsr: 10.3.3.3:0, tag: imp-null
remote binding: tsr: 10.1.1.1:0, tag: 16
  tib entry: 10.0.34.0/29, rev 4
local binding:  tag: imp-null
remote binding: tsr: 10.3.3.3:0, tag: imp-null
remote binding: tsr: 10.1.1.1:0, tag: 18
  tib entry: 10.1.1.1/32, rev 10
local binding:  tag: 18
remote binding: tsr: 10.3.3.3:0, tag: 17
remote binding: tsr: 10.1.1.1:0, tag: imp-null
  tib entry: 10.2.2.2/32, rev 12
local binding:  tag: 19
remote binding: tsr: 10.3.3.3:0, tag: 18
remote binding: tsr: 10.1.1.1:0, tag: 17
  tib entry: 10.3.3.3/32, rev 14
local binding:  tag: 20
remote binding: tsr: 10.3.3.3:0, tag: imp-null
        remote binding: tsr: 10.1.1.1:0, tag: 19
  tib entry: 10.4.4.4/32, rev 2
local binding:  tag: imp-null
remote binding: tsr: 10.3.3.3:0, tag: 23
remote binding: tsr: 10.1.1.1:0, tag: 20
  tib entry: 10.100.200.0/30, rev 16
local binding:  tag: 21
remote binding: tsr: 10.3.3.3:0, tag: 19
remote binding: tsr: 10.1.1.1:0, tag: imp-null
  tib entry: 172.16.0.0/16, rev 39
remote binding: tsr: 10.1.1.1:0, tag: imp-null
  tib entry: 172.16.1.0/24, rev 40
remote binding: tsr: 10.1.1.1:0, tag: imp-null
  tib entry: 172.16.1.2/32, rev 18(no route)
local binding:  tag: 22
remote binding: tsr: 10.3.3.3:0, tag: 20
  tib entry: 172.16.70.0/24, rev 41
remote binding: tsr: 10.1.1.1:0, tag: imp-null
  tib entry: 172.16.70.1/32, rev 20(no route)
local binding:  tag: 23
remote binding: tsr: 10.3.3.3:0, tag: 21
  tib entry: 192.168.168.0/24, rev 42
remote binding: tsr: 10.1.1.1:0, tag: imp-null
  tib entry: 192.168.168.1/32, rev 22(no route)
        local binding:  tag: 24
remote binding: tsr: 10.3.3.3:0, tag: 22



Now, we only want to receive a label for the P3 loopback (10.3.3.3), so we do the following:

P4(config)#access-list 23 permit 10.3.3.0 0.0.0.255

P4(config)#mpls ldp neighbor 10.3.3.3 labels accept 23




Results! As we wanted, only 10.3.3.3 is received labeled; all the other prefixes are untagged, meaning P4 is not accepting labels for the other prefixes.

P4#sh mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop  
tag    tag or VC   or Tunnel Id      switched   interface            
16     Untagged    10.0.12.0/29      0          Fa0/0      10.0.34.3  
17     Untagged    10.0.23.0/29      0          Fa0/0      10.0.34.3  
18     Untagged    10.1.1.1/32       0          Fa0/0      10.0.34.3  
19     Untagged    10.2.2.2/32       0          Fa0/0      10.0.34.3  
20     Pop tag     10.3.3.3/32       0          Fa0/0      10.0.34.3  
21     Untagged    10.100.200.0/30   0          Fa0/0      10.0.34.3  

Now let's say that we need to filter all the labels for each router's loopback. That means we want to see those prefixes unlabeled across the whole network, with only the point-to-point links being labeled (for some obscure reason).

P1-P2-P3-P4


P2(config)# access-list 1 deny host 10.1.1.1
P2(config)# access-list 1 deny host 10.2.2.2
P2(config)# access-list 1 deny host 10.3.3.3
P2(config)# access-list 1 deny host 10.4.4.4
P2(config)# access-list 1 permit any
P2(config)#
P2(config)#no mpls ldp advertise-label
P2(config)# mpls ldp advertise-label for 1

Note: For mpls ldp advertise-label for 1 to work, we need to stop the global LDP label advertisement with no mpls ldp advertise-label.


Verifying


P1#show mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop  
tag    tag or VC   or Tunnel Id      switched   interface            
16     Untagged    10.2.2.2/32       0          Fa0/0      10.0.12.2  
17     Pop tag     10.0.23.0/29      0          Fa0/0      10.0.12.2  
18     17          10.0.34.0/29      0          Fa0/0      10.0.12.2  
19     Untagged    10.3.3.3/32       0          Fa0/0      10.0.12.2  
20     Untagged    10.4.4.4/32       0          Fa0/0      10.0.12.2  


P2#sh mpls forwarding-table 
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop    
tag    tag or VC   or Tunnel Id      switched   interface              
16     Untagged    10.1.1.1/32       0          Fa0/0      10.0.12.1    
17     Pop tag     10.0.34.0/29      0          Fa0/1      10.0.23.3    
18     Untagged    10.3.3.3/32       0          Fa0/1      10.0.23.3    
19     Untagged    10.4.4.4/32       0          Fa0/1      10.0.23.3    



P3#sh mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop  
tag    tag or VC   or Tunnel Id      switched   interface            
16     Pop tag     10.0.12.0/29      0          Fa0/1      10.0.23.2  
17     Untagged    10.1.1.1/32       0          Fa0/1      10.0.23.2  
18     Untagged    10.2.2.2/32       0          Fa0/1      10.0.23.2  
19     Untagged    10.4.4.4/32       0          Fa0/0      10.0.34.4  
20     Pop tag     10.100.200.0/30   0          Fa0/1      10.0.23.2  


P4#sh mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop  
tag    tag or VC   or Tunnel Id      switched   interface            
16     16          10.0.12.0/29      0          Fa0/0      10.0.34.3  
17     Pop tag     10.0.23.0/29      0          Fa0/0      10.0.34.3  
18     Untagged    10.1.1.1/32       0          Fa0/0      10.0.34.3  
19     Untagged    10.2.2.2/32       0          Fa0/0      10.0.34.3  
20     Untagged    10.3.3.3/32       0          Fa0/0      10.0.34.3  
21     20          10.100.200.0/30   0          Fa0/0      10.0.34.3

As we can see, the loopbacks of every router are now unlabeled, and only the interface links are being labeled.
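
A small model of how the two standard ACLs in this section select prefixes, as an added example (not part of the original post), useful for predicting which prefixes stay labeled before a filter is applied. It assumes the ACL is matched against each prefix's network address; the function names are made up for illustration, while the ACL lines and prefixes are the ones shown in the lab.

```python
import ipaddress

# ACL lines and prefixes as they appear in this lab.
ACL_23 = ["access-list 23 permit 10.3.3.0 0.0.0.255"]
ACL_1 = [
    "access-list 1 deny host 10.1.1.1",
    "access-list 1 deny host 10.2.2.2",
    "access-list 1 deny host 10.3.3.3",
    "access-list 1 deny host 10.4.4.4",
    "access-list 1 permit any",
]
PREFIXES = ["10.0.12.0/29", "10.0.23.0/29", "10.0.34.0/29", "10.1.1.1/32",
            "10.2.2.2/32", "10.3.3.3/32", "10.4.4.4/32", "10.100.200.0/30"]


def parse_acl(lines):
    """Parse 'access-list N permit|deny ...' standard ACL lines into rules."""
    rules = []
    for line in lines:
        tok = line.split()
        action, rest = tok[2], tok[3:]
        if rest[0] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host":
            addr, wild = rest[1], "0.0.0.0"
        else:
            addr, wild = rest[0], rest[1] if len(rest) > 1 else "0.0.0.0"
        rules.append((action, int(ipaddress.IPv4Address(addr)),
                      int(ipaddress.IPv4Address(wild))))
    return rules


def permitted(rules, prefix):
    """First match wins; wildcard bits set to 1 are ignored; no match means deny."""
    net = int(ipaddress.ip_network(prefix).network_address)
    for action, addr, wild in rules:
        care = ~wild & 0xFFFFFFFF
        if net & care == addr & care:
            return action == "permit"
    return False  # implicit deny at the end of every ACL


def labeled(rules, prefixes):
    """Prefixes whose labels pass the filter, in input order."""
    return [p for p in prefixes if permitted(rules, p)]


if __name__ == "__main__":
    print("labels accept 23   :", labeled(parse_acl(ACL_23), PREFIXES))
    print("advertise-label 1  :", labeled(parse_acl(ACL_1), PREFIXES))
```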


LDP session Protection.

Now we discover that we have a link-flapping problem between P1 and P2, and the LDP sessions are timing out from time to time. We decide to protect the session with the LDP session protection feature. LDP session protection works by creating a targeted LDP session with the peer along a different link/path, so when the link fails the LDP session stays up as long as the alternate path still works.

P1

P1(config)#access-list 3 permit host 10.2.2.2
P1(config)#mpls ldp session protection for 3

After configuring this we can test that the LDP session stays up when the f0/0 link between P1 and P2 goes down:


P2(config)#int f0/0
P2(config-if)#sh
P2(config-if)#shutdown
P2(config-if)#

After this we verify that the LDP session is still up between P1 and P2:

P1#show mpls ldp neighbor 
    Peer LDP Ident: 10.2.2.2:0; Local LDP Ident 10.1.1.1:0
TCP connection: 10.2.2.2.55965 - 10.1.1.1.646
State: Oper; Msgs sent/rcvd: 52/59; Downstream
Up time: 00:26:56
LDP discovery sources:
 Serial0/0, Src IP addr: 10.100.200.2
        Addresses bound to peer LDP Ident:
          10.2.2.2        10.100.200.2    10.0.23.2       



P1#sh mpls ldp discovery
 Local LDP Identifier:
    10.1.1.1:0
    Discovery Sources:
    Interfaces:
FastEthernet0/0 (ldp): xmit
Serial0/0 (ldp): xmit/recv
   LDP Id: 10.2.2.2:0
    Targeted Hellos:
10.1.1.1 -> 10.2.2.2 (ldp): active, xmit



As we can tell, the session is still up and is being discovered over the serial connection, so the flapping (or the link going down) does not affect our peering with P2.


















