[c-nsp] filter LDP bindings

Paolo Lucente pl+list at pmacct.net
Mon Aug 11 04:24:07 EDT 2008 

Hi Sergio,

to add to what Oliver said that you maybe want to make sure
you have in the configuration a "no mpls ldp advertise-labels"
line. Without that, even if you configure a filter (which is
successfully matched as you shown), labels would still be
announced to adjacent LDP peers.

Don't know if this could be your case; i did have to make use
out of it to verify label filtering working on a 12.2SR while
trying to minimize exposure of our labels in an "Inter-AS" L2
MPLS VPN scenario. 

no mpls ldp advertise-labels
mpls ldp advertise-labels for LDP-DEST to LDP-PEER
[ ... ]
mpls label protocol ldp
!
interface Loopback0
 ip address 192.168.100.4 255.255.255.255
!
ip access-list standard LDP-DEST
 permit 192.168.100.4
ip access-list standard LDP-PEER
 permit 192.168.100.1
!

Cheers,
Paolo


On Sun, Aug 10, 2008 at 09:50:34PM -0600, Sergio D. wrote:
> Hello,
> I am trying to filter LDP label bindings to only advertise my loopback
> address(for vpnv4 traffic) but I am unsure as to what the requirements are.
> Here is what I have:
> PE1#show ip route connected | in ^C
> C       1.1.1.0 is directly connected, Serial1/0
> C       10.0.0.1 is directly connected, Loopback0
> C       150.0.0.0 is directly connected, FastEthernet0/1
> 
> PE1#sh run | in tag
> no tag-switching advertise-tags
> tag-switching advertise-tags for ldp-filter
> 
> PE1#show access-lists ldp-filter
> Standard IP access list ldp-filter
>     10 permit 10.0.0.0, wildcard bits 0.0.0.255 (6 matches)
>     999 deny   any (7 matches)
> 
> matches?
> 
> but still generates a binding for all my connected interfaces:
> 
> PE1#show mpls ldp bindings 150.0.0.0 24
>   tib entry: 150.0.0.0/24, rev 2
>         local binding:  tag: imp-null
>         remote binding: tsr: 25.25.25.25:0, tag: 18
> PE1#
> 
> And the other side tags it with a label:
> 
> PE2#traceroute 150.0.0.1
> 
> Type escape sequence to abort.
> Tracing the route to 150.0.0.1
> 
>   1 1.1.1.5 [MPLS: Label 18 Exp 0] 16 msec 52 msec 24 msec
>   2 1.1.1.1 24 msec 52 msec *
> 
> TIA,
> 
> -- 
> Sergio Danelli

More information about the cisco-nsp mailing list