[c-nsp] filter LDP bindings

Sergio D. sdanelli at gmail.com
Mon Aug 11 10:52:02 EDT 2008


thanks for the response.
I am using 12.3(22) and "no mpls ldp advertise-labels" turns into "no
tag-switching advertise-tags" which I already have.
Oliver,
thanks for clearing up the assignment of the label, I guess that's fine as
long as it doesn't get advertised which is what I am trying to avoid.
I did try it without the deny at the end, and the result was the same.
Do I need an access-list listing my peers and apply that?

TIA


On Mon, Aug 11, 2008 at 2:24 AM, Paolo Lucente <pl+list at pmacct.net> wrote:

> Hi Sergio,
>
> to add to what Oliver said: you may want to make sure
> you have in the configuration a "no mpls ldp advertise-labels"
> line. Without that, even if you configure a filter (which is
> successfully matched, as you have shown), labels would still be
> announced to adjacent LDP peers.
>
> Don't know if this could be your case; I did have to make use
> out of it to verify label filtering working on a 12.2SR while
> trying to minimize exposure of our labels in an "Inter-AS" L2
> MPLS VPN scenario.
>
> no mpls ldp advertise-labels
> mpls ldp advertise-labels for LDP-DEST to LDP-PEER
> [ ... ]
> mpls label protocol ldp
> !
> interface Loopback0
>  ip address 192.168.100.4 255.255.255.255
> !
> ip access-list standard LDP-DEST
>  permit 192.168.100.4
> ip access-list standard LDP-PEER
>  permit 192.168.100.1
> !
>
> Cheers,
> Paolo
>
>
> On Sun, Aug 10, 2008 at 09:50:34PM -0600, Sergio D. wrote:
> > Hello,
> > I am trying to filter LDP label bindings to only advertise my loopback
> > address (for vpnv4 traffic) but I am unsure as to what the requirements are.
> > Here is what I have:
> > PE1#show ip route connected | in ^C
> > C       1.1.1.0 is directly connected, Serial1/0
> > C       10.0.0.1 is directly connected, Loopback0
> > C       150.0.0.0 is directly connected, FastEthernet0/1
> >
> > PE1#sh run | in tag
> > no tag-switching advertise-tags
> > tag-switching advertise-tags for ldp-filter
> >
> > PE1#show access-lists ldp-filter
> > Standard IP access list ldp-filter
> >     10 permit 10.0.0.0, wildcard bits 0.0.0.255 (6 matches)
> >     999 deny   any (7 matches)
> >
> > matches?
> >
> > but still generates a binding for all my connected interfaces:
> >
> > PE1#show mpls ldp bindings 150.0.0.0 24
> >   tib entry: 150.0.0.0/24, rev 2
> >         local binding:  tag: imp-null
> >         remote binding: tsr: 25.25.25.25:0, tag: 18
> > PE1#
> >
> > And the other side tags it with a label:
> >
> > PE2#traceroute 150.0.0.1
> >
> > Type escape sequence to abort.
> > Tracing the route to 150.0.0.1
> >
> >   1 1.1.1.5 [MPLS: Label 18 Exp 0] 16 msec 52 msec 24 msec
> >   2 1.1.1.1 24 msec 52 msec *
> >
> > TIA,
> >
> > --
> > Sergio Danelli
>



-- 
Sergio Danelli
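
A small model of the filter semantics discussed in this thread, as an added example that is not part of the original messages: with default advertisement disabled, a label is announced only for prefixes the destination ACL permits, and only to peers the optional peer ACL permits. It assumes the peer ACL is matched against the peer's LDP router ID; the function names, prefix 10.1.1.0 and peer 192.168.100.2 are constructed for illustration.

```python
import ipaddress

def parse_acl(text):
    """Parse standard ACL entries: 'permit|deny <addr> [wildcard]' or 'any'."""
    rules = []
    for line in text.strip().splitlines():
        action, *rest = line.split()
        if rest[0] == "any":
            addr, wild = 0, 0xFFFFFFFF
        else:
            addr = int(ipaddress.IPv4Address(rest[0]))
            # No wildcard on the line means an exact host match.
            wild = int(ipaddress.IPv4Address(rest[1])) if len(rest) > 1 else 0
        rules.append((action == "permit", addr, wild))
    return rules

def acl_permits(rules, ip):
    """First matching entry wins; no match falls through to the implicit deny."""
    value = int(ipaddress.IPv4Address(ip))
    for permit, addr, wild in rules:
        if (value | wild) == (addr | wild):
            return permit
    return False

def expected_advertisements(prefixes, peers, dest_acl, peer_acl=None):
    """Per peer, the prefixes whose labels should be advertised once default
    advertisement is disabled and 'for DEST [to PEER]' is configured."""
    result = {}
    for peer in peers:
        peer_ok = peer_acl is None or acl_permits(peer_acl, peer)
        result[peer] = [p for p in prefixes if peer_ok and acl_permits(dest_acl, p)]
    return result

# ACLs from the thread, written in configuration form.
LDP_FILTER = parse_acl("permit 10.0.0.0 0.0.0.255\ndeny any")
LDP_DEST = parse_acl("permit 192.168.100.4")
LDP_PEER = parse_acl("permit 192.168.100.1")

if __name__ == "__main__":
    # PE1's connected networks from the thread, toward the peer seen in its bindings.
    print(expected_advertisements(["1.1.1.0", "10.0.0.1", "150.0.0.0"],
                                  ["25.25.25.25"], LDP_FILTER))
    # Paolo's filter; 10.1.1.0 and peer 192.168.100.2 are constructed values.
    print(expected_advertisements(["192.168.100.4", "10.1.1.0"],
                                  ["192.168.100.1", "192.168.100.2"],
                                  LDP_DEST, LDP_PEER))
```

Comparing the expected set with the remote bindings a neighbor actually holds for this router shows whether the filter is in effect; local bindings are assigned regardless and are not what the filter controls.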

