all things packets and internetworks
MPLS LDP Inbound Label Filtering
MPLS LDP inbound label filtering can be used to reduce the size of the LIB by filtering label bindings that are advertised by other routers. This can save memory needed on a router to participate in the MPLS domain.
In this scenario, I want to filter all the bindings from P2 except for the loopback of PE_EAST, which is 200.200.200.200. The reason I choose only to permit the loopback of PE_EAST is this label will be the only one needed when I set up my iBGP peering for MP-BGP, when I get to the VRFs.
This is the topology used.
Checking the current LIB
PE_WEST#show mpls ldp bindings neighbor 2.2.2.2 lib entry: 1.1.1.1/32, rev 30 remote binding: lsr: 2.2.2.2:0, label: 16 lib entry: 2.2.2.2/32, rev 4 remote binding: lsr: 2.2.2.2:0, label: imp-null lib entry: 3.3.3.3/32, rev 6 remote binding: lsr: 2.2.2.2:0, label: 17 lib entry: 4.4.4.4/32, rev 8 remote binding: lsr: 2.2.2.2:0, label: 18 lib entry: 10.10.11.0/24, rev 10 remote binding: lsr: 2.2.2.2:0, label: 19 lib entry: 10.12.12.0/24, rev 12 remote binding: lsr: 2.2.2.2:0, label: imp-null lib entry: 10.13.13.0/24, rev 14 remote binding: lsr: 2.2.2.2:0, label: 20 lib entry: 10.20.22.0/24, rev 16 remote binding: lsr: 2.2.2.2:0, label: imp-null lib entry: 10.24.24.0/24, rev 18 remote binding: lsr: 2.2.2.2:0, label: imp-null lib entry: 10.30.33.0/24, rev 20 remote binding: lsr: 2.2.2.2:0, label: 21 lib entry: 10.34.34.0/24, rev 22 remote binding: lsr: 2.2.2.2:0, label: 22 lib entry: 10.40.44.0/24, rev 24 remote binding: lsr: 2.2.2.2:0, label: 23 lib entry: 100.100.100.100/32, rev 26 remote binding: lsr: 2.2.2.2:0, label: 24 lib entry: 200.200.200.200/32, rev 28 remote binding: lsr: 2.2.2.2:0, label: 25
I need to create an ACL to match the label bindings permitted into the LIB. When creating the ACL, be sure to note that inbound label filtering only supports standard ACLs, not extended ACLs.
PE_WEST(config)#access-list 1 permit 200.200.200.200
Now, apply the ACL to the label via the mpls ldp neighbor command.
PE_WEST(config)#mpls ldp neighbor 2.2.2.2 labels accept 1
Verify that LDP is filtering inbound for that LDP neighbor.
PE_WEST#show mpls ldp neighbor 2.2.2.2 detail Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 100.100.100.100:0 TCP connection: 2.2.2.2.646 - 100.100.100.100.11033 State: Oper; Msgs sent/rcvd: 2921/2918; Downstream; Last TIB rev sent 30 Up time: 1d18h; UID: 8; Peer Id 0; LDP discovery sources: FastEthernet2/1; Src IP addr: 10.20.22.2 holdtime: 15000 ms, hello interval: 5000 ms Addresses bound to peer LDP Ident: 10.20.22.2 10.24.24.2 10.12.12.2 2.2.2.2 Peer holdtime: 180000 ms; KA interval: 60000 ms; Peer state: estab LDP inbound filtering accept acl: 1
Finally, check the current LIB from P2.
PE_WEST#show mpls ldp bindings neighbor 2.2.2.2 lib entry: 200.200.200.200/32, rev 28 remote binding: lsr: 2.2.2.2:0, label: 25 PE_WEST#
Great! Exactly what expect. The only LIB entry from 2.2.2.2 is the label for 200.200.200.200/32.
| Print article | This entry was posted by packetpundit on June 18, 2011 at 6:31 am, and is filed under Uncategorized. Follow any responses to this post through RSS 2.0. You can leave a response or trackback from your own site. |