LDP Label Advertisement Filtering Challenge

Load isis.cfg

#IOS-XE
config replace flash:isis.cfg

#IOS-XR
configure
load bootflash:isis.cfg
commit replace
y

  • Configure LDP using IGP autoconfig on routers R2-R6 and XR1.

  • Configure all routers to only allocate labels for /32s.

  • In this topology, only R2 and XR1 are PEs. Configure R3 to obtain this output using inbound filtering:

  • Configure the network so that R5 has this in its LFIB. Do this without configuring R5 itself:

Answer

Enable LDP and allocate only for /32s:

#R2-R6
router isis
 mpls ldp autoconfig
!
mpls ldp label
 allocate global host-routes

#XR1
router isis 1
 add ipv4
  mpls ldp auto-config
!
mpls ldp
 label
   local
    allocate for host-routes

Verify that all routers only have /32 prefixes in their LFIB:

Configure R3 to filter all prefixes except for R2 and XR1’s loopback:

#R3
access-l 1 permit 2.2.2.2
access-l 1 permit 19.19.19.19
!
mpls ldp neighbor 2.2.2.2 labels accept 1
mpls ldp neighbor 4.4.4.4 labels accept 1
mpls ldp neighbor 6.6.6.6 labels accept 1

Note that you may need to clear LDP neighbors. R3 should now only have remote labels for 2.2.2.2/32 and 19.19.19.19/32

Configure all of R5’s neighbors to only advertise labels for R2 and XR1’s loopback to R5:

#R4, R6
access-l 1 permit 2.2.2.2
access-l 1 permit 19.19.19.19
access-l 5 permit 5.5.5.5
!
mpls ldp advertise-labels for 1 to 5
no mpls ldp advertise-labels

#XR1
ipv4 access-list R5
 10 permit ipv4 host 5.5.5.5 any
!
ipv4 access-list LDP_PREFIXES
 10 permit ipv4 host 2.2.2.2 any
 20 permit ipv4 host 19.19.19.19 any
!
mpls ldp
 address-family ipv4
  label
   local
    advertise
     disable
     for LDP_PREFIXES to R5

R5 should now only have remote labels for 2.2.2.2/32 and 19.19.19.19/32

NOTE: Upon doing this lab again, I noticed that R4, R6, and XR1 are no longer advertising labels to any other peers besides R5! Instead I used a “to” ACL of any so that these routers advertise the PE loopbacks to all LDP peers, not just R5. We can also just omit the “to” portion and apply the advertisement filter to all peers by default.

Explanation

Before label allocation filtering was available, label control was achieved using inbound and outbound label filtering. As you can see, this is quite tedious, as you have to apply inbound filtering to every peer individually, or apply outbound filtering to a group of peers indentified in an ACL. Further, you are still left with several prefixes with no labels, because the router is still locally allocating labels. For example, on R5 we see local labels for 3.3.3.3/32, 4.4.4.4/32, etc., because it is allocating these locally, although it is not receiving any remote bindings for them.

Also remember that when using outbound label filtering, you must also turn off the default advertisement using no mpls ldp advertise-labels on IOS-XE and mpls ldp label local advertise disable on IOS-XR.

These days it is better to just use local label allocation. In this lab you allocated labels for host-routes, but you can also allocate based on a prefix-list (IOS-XE) or ACL (IOS-XR) using:

#IOS-XE
mpls ldp label
 allocate global prefix-list prefix-list

#IOS-XR
mpls ldp
 label
   local
    allocate for ACL
PreviousLDP Inbound Label Advertisement FilteringNextLDP Implicit Withdraw

Last updated