[c-nsp] MPLS labels with VPNv4 blackholing

Ross Halliday ross.halliday at wtccommunications.ca
Tue Jun 5 12:36:26 EDT 2012


Thanks Oli, however...

> -----Original Message-----
> From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com]
> Sent: Tuesday, June 05, 2012 12:19 PM
> To: Ross Halliday; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] MPLS labels with VPNv4 blackholing
>
> the RR is not generating any labels, it's the originator (i.e. the PE)
> who does.
> 
> ...
> 
> I guess all of the routes are originated by a specific PE in the
> network? You could use per-vrf labels there (and per-vrf labels should
> also work on 7600 and ASR1k and others, haven't checked)..

For our real subscriber routes, yes. However I'm injecting the routes to be blackholed on the route reflectors themselves, and sending those to PEs in the style at http://www.cisco.com/web/about/security/intelligence/blackhole.pdf and https://supportforums.cisco.com/docs/DOC-14618. At any rate, I'm surprised that two prefixes that dump to Null0 get separate labels. The FEC should be identical, no?

> > I don't plan on sending out thousands of black hole routes that might
> > exhaust the label table but all this junk in LDP is annoying me.
> 
> none of these labels will end up in LDP, we're talking about BGP/l3vpn
> labels here.> 
>
> ...
> but even if
> you advertise a per-prefix label, the other PEs shouldn't have any
> problems storing these (I remember a 3rd-party device which had
> problems
> storing a lot of different vpnv4 labels, but that's been ages).

True enough - still annoying me anyway :) I can break these things pretty good with a debug command or two, so I'd prefer things to be as clean as possible.

Thanks
Ross




More information about the cisco-nsp mailing list