LDP Session Protection
Load isis.cfg
Configure LDP using IGP autoconfig on routers R2-R6 and XR1.
Configure session protection between R2 and R3, and between R6 and XR1. Use two different methods to protect each of the two sessions.
Verify that the session stays up when the direct link between the neighbors flaps.
Answer
Explanation
Session protection keeps an LDP session up in the event that the local link to a router goes down. It only works if there is still an alternate route to the neighbor. Of course, while the link is down, the label bindings are no longer used. But when the link comes back up the routers don’t need to re-converge on LDP. The label bindings are still the same, and are retained.
This is sort of an alternative to LDP/IGP sync when a link flaps. When the IGP adjacency comes back up LDP is already established, so you don’t get any blackholing of labeled traffic. However, LDP/IGP sync protects more situations than session protection for the purpose of keeping LDP in sync with the IGP. It’s more proper to say that session protection is for improving re-convergence of LDP neighbors, while LDP/IGP sync is for preventing blackholing of labeled traffic.
Because session protection just uses a targeted session, you can achieve the same result by manually configuring targeted sessions between LDP neighbors. When using targeted sessions, you can configure one side only, and configure the other side to accept targeted Hellos.
The only difference between using session protection and using a targeted session is that session protection has a built-in holddown timer. If the holddown timer expires, the LDP session is torn down anyway, even though loopback connectivity is still available. The idea is that you don’t want to hold onto the LDP bindings indefinitely if the routers’ direct link is permanently disconnected. At a certain point, holding onto unused label bindings is not worth it any more.
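The two methods described above, side by side, as an added IOS-XE example that is not the workbook's own answer configuration. The address 192.0.2.3 and the 60-second duration are constructed placeholders, and placing session protection on both neighbors is an assumption:

```ios
! Method 1: LDP session protection, configured globally on each of the two neighbors.
! Adds a targeted Hello as a second discovery source, with a holddown timer.
! "duration 60" is a constructed sample value; omit it to keep the default.
mpls ldp session protection duration 60
!
! Method 2: manual targeted session, no holddown timer.
! Initiating side: 192.0.2.3 is a placeholder for the neighbor's loopback address.
mpls ldp neighbor 192.0.2.3 targeted ldp
!
! Accepting side: respond to targeted Hellos instead of configuring the neighbor.
mpls ldp discovery targeted-hello accept
```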
Verification
LDP session protection takes advantage of the fact that a single LDP TCP session is always used no matter how many “links” the routers have between them. So essentially, we can have n discovery sources, but always one single TCP session. Session protection simply uses a targeted hello as a second discovery source.
Notice above that the default LDP session protection duration is 86400 seconds (24 hours). We can control this using mpls ldp session protection duration seconds|infinite.
To demonstrate LDP session protection in action, we’ll change the duration, shut the direct link between R2-R3, and run debug mpls ldp session protection.
The discovery sources now list only the targeted Hello. The session protection state is now protecting. The holdup timer starts counting down.
Eventually, the holdup timer expires, and the LDP session is completely torn down.
If we bring the directly connected interface back up, the session protection will go back to ready.
XR1 only used a manual targeted session. Because we didn’t explicitly configure session protection, we don’t see any session protection output. However, the result is the same as if we used session protection with an infinite duration.
Note that on IOS-XR, session protection configuration is very similar to IOS-XE:
Also, we have the option of restricting session protection to particular LDP RIDs using an ACL on both IOS-XE and IOS-XR. We’ll configure session protection between R5 and XR1 to demonstrate this method: