[c-nsp] filter LDP bindings

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Mon Aug 11 11:51:09 EDT 2008


Sergio,

your config looks fine, so I don't know what's happening. Can you show a
"show mpls ldp bindings 10.0.0.1 32" on the LDP neighbor(s) or a "show
mpls forwarding interface <foo>" where <foo> is the neighbor's interface
to PE1?
No need to specify a "to <acl>" to select which neighbors you want to
advertise this to in your case.

	oli

Sergio D. <mailto:sdanelli at gmail.com> wrote on Monday, August 11, 2008
4:52 PM:

> thanks for the response.
> I am using 12.3(22) and "no mpls ldp advertise-labels" turns into "no
> tag-switching advertise-tags" which I already have. 
> Oliver,
> thanks for clearing up the assignment of the label, I guess that's
> fine as long as it doesn't get advertised which is what I am trying
> to avoid. I did try it without the deny at the end, and the result
> was the same.  
> Do I need an access-list listing my peers and apply that?
> 
> TIA
> 
> 
> 
> On Mon, Aug 11, 2008 at 2:24 AM, Paolo Lucente <pl+list at pmacct.net
> <mailto:pl%2Blist at pmacct.net> > wrote: 
> 
> 
> 	Hi Sergio,
> 
> 	to add to what Oliver said: you may want to make sure
> 	you have in the configuration a "no mpls ldp advertise-labels"
> 	line. Without that, even if you configure a filter (which is
> 	successfully matched as you have shown), labels would still be
> 	announced to adjacent LDP peers.
> 
> 	Don't know if this could be your case; I did have to make use
> 	out of it to verify label filtering working on a 12.2SR while
> 	trying to minimize exposure of our labels in an "Inter-AS" L2
> 	MPLS VPN scenario.
> 
> 
> 	no mpls ldp advertise-labels
> 
> 	mpls ldp advertise-labels for LDP-DEST to LDP-PEER
> 	[ ... ]
> 	mpls label protocol ldp
> 	!
> 	interface Loopback0
> 	 ip address 192.168.100.4 255.255.255.255
> 	!
> 	ip access-list standard LDP-DEST
> 	 permit 192.168.100.4
> 	ip access-list standard LDP-PEER
> 	 permit 192.168.100.1
> 	!
> 
> 	Cheers,
> 	Paolo
> 
> 
> 
> 	On Sun, Aug 10, 2008 at 09:50:34PM -0600, Sergio D. wrote:
> 	> Hello,
> 	> I am trying to filter LDP label bindings to only advertise my loopback
> 	> address (for vpnv4 traffic) but I am unsure as to what the
> 	> requirements are.
> 	> Here is what I have:
> 	> PE1#show ip route connected | in ^C
> 	> C       1.1.1.0 is directly connected, Serial1/0
> 	> C       10.0.0.1 is directly connected, Loopback0
> 	> C       150.0.0.0 is directly connected, FastEthernet0/1
> 	>
> 	> PE1#sh run | in tag
> 	> no tag-switching advertise-tags
> 	> tag-switching advertise-tags for ldp-filter
> 	>
> 	> PE1#show access-lists ldp-filter
> 	> Standard IP access list ldp-filter
> 	>     10 permit 10.0.0.0, wildcard bits 0.0.0.255 (6 matches)
> 	>     999 deny   any (7 matches)
> 	>
> 	> matches?
> 	>
> 	> but still generates a binding for all my connected interfaces:
> 	>
> 	> PE1#show mpls ldp bindings 150.0.0.0 24
> 	>   tib entry: 150.0.0.0/24, rev 2
> 	>         local binding:  tag: imp-null
> 	>         remote binding: tsr: 25.25.25.25:0, tag: 18
> 	> PE1#
> 	>
> 	> And the other side tags it with a label:
> 	>
> 	> PE2#traceroute 150.0.0.1
> 	>
> 	> Type escape sequence to abort.
> 	> Tracing the route to 150.0.0.1
> 	>
> 	>   1 1.1.1.5 [MPLS: Label 18 Exp 0] 16 msec 52 msec 24 msec
> 	>   2 1.1.1.1 24 msec 52 msec *
> 	>
> 	> TIA,
> 	>
> 	> --
> 	> Sergio Danelli
> 
> 
> 
> 
> 
> --
> Sergio Danelli
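
Added example, not part of the thread: a Python check for the verification Oliver asks for, which parses "show mpls ldp bindings" output taken on the neighbor and reports prefixes learned from PE1 that the outbound filter should have blocked. The neighbor output, PE1's LSR ID (10.0.0.1:0) and the labels are constructed assumptions; the ACL mirrors the ldp-filter list quoted above.

```python
import ipaddress
import re

# Standard ACL as (action, network, wildcard); mirrors ldp-filter from the thread.
LDP_FILTER = [("permit", "10.0.0.0", "0.0.0.255"),
              ("deny", "0.0.0.0", "255.255.255.255")]

# Constructed sample: what a neighbor would show if PE1 still advertised a
# connected prefix. LSR ID 10.0.0.1:0 for PE1 and all labels are assumptions.
NEIGHBOR_OUTPUT = """\
  tib entry: 10.0.0.1/32, rev 4
        local binding:  tag: 17
        remote binding: tsr: 10.0.0.1:0, tag: imp-null
  tib entry: 150.0.0.0/24, rev 6
        local binding:  tag: 18
        remote binding: tsr: 10.0.0.1:0, tag: imp-null
  tib entry: 25.25.25.25/32, rev 2
        local binding:  tag: imp-null
"""

# Accept both the older tib/tsr/tag wording and the newer lib/lsr/label wording.
ENTRY = re.compile(r"^\s*(?:tib|lib) entry:\s*(\S+?),", re.I)
REMOTE = re.compile(
    r"^\s*remote binding:\s*(?:tsr|lsr):\s*(\S+?),\s*(?:tag|label):\s*(\S+)", re.I)

def acl_permits(acl, address):
    """First-match standard ACL evaluation with wildcard masks; implicit deny."""
    addr = int(ipaddress.IPv4Address(address))
    for action, net, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.IPv4Address(net)) & care:
            return action == "permit"
    return False

def remote_bindings(output, lsr_id):
    """Return {prefix: label} for bindings the neighbor learned from lsr_id."""
    learned, prefix = {}, None
    for line in output.splitlines():
        if m := ENTRY.match(line):
            prefix = m.group(1)
        elif (m := REMOTE.match(line)) and prefix and m.group(1) == lsr_id:
            learned[prefix] = m.group(2)
    return learned

def leaked_prefixes(output, lsr_id, acl):
    """Prefixes advertised by lsr_id that the outbound filter should have blocked."""
    return sorted(p for p in remote_bindings(output, lsr_id)
                  if not acl_permits(acl, p.split("/")[0]))

if __name__ == "__main__":
    print(leaked_prefixes(NEIGHBOR_OUTPUT, "10.0.0.1:0", LDP_FILTER))
```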

