[c-nsp] filter LDP bindings
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Mon Aug 11 01:41:25 EDT 2008
Sergio D. <> wrote on Monday, August 11, 2008 5:51 AM:
> Hello,
> I am trying to filter LDP label bindings to only advertise my loopback
> address(for vpnv4 traffic) but I am unsure as to what the
> requirements are. Here is what I have:
> PE1#show ip route connected | in ^C
> C 1.1.1.0 is directly connected, Serial1/0
> C 10.0.0.1 is directly connected, Loopback0
> C 150.0.0.0 is directly connected, FastEthernet0/1
>
> PE1#sh run | in tag
> no tag-switching advertise-tags
> tag-switching advertise-tags for ldp-filter
>
> PE1#show access-lists ldp-filter
> Standard IP access list ldp-filter
> 10 permit 10.0.0.0, wildcard bits 0.0.0.255 (6 matches)
> 999 deny any (7 matches)
>
> matches?
>
> but still generates a binding for all my connected interfaces:
>
> PE1#show mpls ldp bindings 150.0.0.0 24
> tib entry: 150.0.0.0/24, rev 2
> local binding: tag: imp-null
> remote binding: tsr: 25.25.25.25:0, tag: 18
> PE1#
>
> And the other side tags it with a label:
>
> PE2#traceroute 150.0.0.1
>
> Type escape sequence to abort.
> Tracing the route to 150.0.0.1
>
> 1 1.1.1.5 [MPLS: Label 18 Exp 0] 16 msec 52 msec 24 msec
> 2 1.1.1.1 24 msec 52 msec *
which release(es) are you using? Did you apply the filter on all the
nodes? Can you remove the explict "deny any" line and try again? Some
older IOS releases interpreted the explicit "deny any" differently (see
http://www.cisco.com/en/US/docs/ios/12_3/switch/command/reference/swi_m2
.html#wp1076409).
BTW: the LDP filter only prevents advertisement of the binding, it
doesn't prevent the LSR from assigning a label (the imp-null in your
example).
oli
More information about the cisco-nsp
mailing list