[c-nsp] MPLS labels with VPNv4 blackholing

Harold Ritter hritter at cisco.com
Tue Jun 5 13:42:02 EDT 2012


Ross,

It is normal that a different label is allocated for each RTBH prefix,
regardless of the next hop, given the default label allocation mode in IOS
is per prefix. As Oli mentioned, you can change this mode to per-vrf. It
should not make a big difference though, unless you have a boatload of RTBH
prefixes.

Regards






>On 12-06-05 12:36, "Ross Halliday" <ross.halliday at wtccommunications.ca>
>wrote:
>
>>Thanks Oli, however...
>>
>>> -----Original Message-----
>>> From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com]
>>> Sent: Tuesday, June 05, 2012 12:19 PM
>>> To: Ross Halliday; cisco-nsp at puck.nether.net
>>> Subject: RE: [c-nsp] MPLS labels with VPNv4 blackholing
>>>
>>> the RR is not generating any labels, it's the originator (i.e. the PE)
>>> who does.
>>> 
>>> ...
>>> 
>>> I guess all of the routes are originated by a specific PE in the
>>> network? You could use per-vrf labels there (and per-vrf labels should
>>> also work on 7600 and ASR1k and others, haven't checked).
>>
>>For our real subscriber routes, yes. However I'm injecting the routes to
>>be blackholed on the route reflectors themselves, and sending those to
>>PEs in the style at
>>http://www.cisco.com/web/about/security/intelligence/blackhole.pdf and
>>https://supportforums.cisco.com/docs/DOC-14618. At any rate, I'm
>>surprised that two prefixes that dump to Null0 get separate labels. The
>>FEC should be identical, no?
>>
>>> > I don't plan on sending out thousands of black hole routes that might
>>> > exhaust the label table but all this junk in LDP is annoying me.
>>> 
>>> none of these labels will end up in LDP, we're talking about BGP/l3vpn
>>> labels here.
>>>
>>> ...
>>> but even if
>>> you advertise a per-prefix label, the other PEs shouldn't have any
>>> problems storing these (I remember a 3rd-party device which had
>>> problems storing a lot of different vpnv4 labels, but that's been ages).
>>
>>True enough - still annoying me anyway :) I can break these things
>>pretty good with a debug command or two, so I'd prefer things to be as
>>clean as possible.
>>
>>Thanks
>>Ross
>>
>>




