[c-nsp] MPLS LDP Authentication Scaling

Mark Tinka mtinka at globaltransit.net
Fri Aug 17 07:50:08 EDT 2007


Hello all.

I've been going over some thoughts about scaling MPLS LDP 
authentication in an environment where all MPLS LER's or 
LSR's on the same subnet require LDP authentication.

I've had a look at the 'mpls ldp password option' and 'mpls 
ldp password required' features, but these require local 
ACL's be built and maintained, which also doesn't appear to 
scale well across several routers, at first glance.

Some fora suggest LDP authentication only be enabled 
on "untrusted LDP peerings".

I'd be happy to hear the current practice most folk adopt.

Cheers,

Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: not available
Url : https://puck.nether.net/pipermail/cisco-nsp/attachments/20070817/0d1b0042/attachment-0001.bin 


More information about the cisco-nsp mailing list