[c-nsp] MPLS labels with VPNv4 blackholing

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Tue Jun 5 14:11:43 EDT 2012


Ross,

> > -----Original Message-----
> > From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com]
> > Sent: Tuesday, June 05, 2012 12:19 PM
> > To: Ross Halliday; cisco-nsp at puck.nether.net
> > Subject: RE: [c-nsp] MPLS labels with VPNv4 blackholing
> >
> > the RR is not generating any labels, it's the originator (i.e. the PE)
> > who does.
> >
> > ...
> >
> > I guess all of the routes are originated by a specific PE in the
> > network? You could use per-vrf labels there (and per-vrf labels should
> > also work on 7600 and ASR1k and others, haven't checked)..
> 
> For our real subscriber routes, yes. However I'm injecting the routes to be
> blackholed on the route reflectors themselves, 

well.. strictly speaking then you turn the RR into a PE as you have a
VRF configured and inject prefix there.. I would possibly investigate
using a distinct router, just to keep the functionality/features on the
RR clean.. defining a VRF on a vpnv4 RR is quite unusual (not
impossible, but very seldom deployed). 

> and sending those to PEs in the style at
> http://www.cisco.com/web/about/security/intelligence/blackhole.pdf and
> https://supportforums.cisco.com/docs/DOC-14618. At any rate, I'm surprised
> that two prefixes that dump to Null0 get separate labels. The FEC should be
> identical, no?

Well, the FEC for vpnv4 is defined by the originator of the routes, and
with per-prefix the FEC is defined to be different ;-)

So if you're worried about the distinct labels, you need to originate
the pfx on a platform/version which supports per-vrf label feature.
Looks like recent 15.1S images support per-vrf labels on the c7200..

	oli
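
The per-prefix versus per-vrf label behaviour discussed in this message, as an added IOS configuration sketch that is not part of the original post or from either poster. The VRF name, RD/RT values, AS number and prefixes are constructed, and the fragment assumes the originating router runs a platform and image that supports the per-VRF label feature.

```ios
! Constructed example: a VRF on the router that originates the blackhole routes.
ip vrf BLACKHOLE
 rd 65000:666
 route-target export 65000:666
!
! Two constructed blackhole prefixes (documentation address space).
! With the default per-prefix mode, the thread reports each of these
! being advertised with its own VPNv4 label.
ip route vrf BLACKHOLE 192.0.2.1 255.255.255.255 Null0
ip route vrf BLACKHOLE 198.51.100.1 255.255.255.255 Null0
!
router bgp 65000
 address-family ipv4 vrf BLACKHOLE
  redistribute static
 exit-address-family
!
! Switch label allocation for this VRF from per-prefix to per-vrf, so
! the originator advertises one label for every prefix in the VRF.
mpls label mode vrf BLACKHOLE protocol bgp-vpnv4 per-vrf
!
! Check the result on the originator: compare the label column for the
! two prefixes before and after the change.
!   show ip bgp vpnv4 vrf BLACKHOLE labels
```

Changing the label mode reallocates labels for the VRF, so expect the routes to be re-advertised with the new label when it is applied.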

 



