MPLS Fundamentals: 3 – LDP

Basic MPLS LDP Configuration

224.0.0.2 group IP multicast address. The UDP port used for LDP is 646.

LDP Discovery

show mpls ldp discovery detail
show mpls interfaces

LDP discovery timers manipulation

mpls ldp discovery hello {holdtime | interval} seconds

The default value for holdtime is 15 seconds for link Hello messages, and the default value for interval is 5 seconds.
If the two LDP peers have different LDP Hold times configured, the smaller of the two values is used as the Hold time for that LDP discovery source.

Cisco IOS might overwrite the configured LDP Hello interval. It will choose a smaller LDP Hello interval than configured so that it can send at least three LDP Hellos before the Hold time expires. (At least nine Hellos are sent in the case of a targeted LDP session.)

The highest IP address of the loopback interfaces is taken for the LDP router-ID. If no loopback interfaces exist, the highest IP address of an interface is taken.

mpls ldp router-id interface [force]

Without the force keyword, the LDP router-ID is changed only the next time it is necessary to select the router ID after configuring this command. This happens when the interface that determines the current LDP router-ID is shut down.

Note: In Cisco IOS, the MPLS LDP router-ID needs to be present in the routing table of the LDP neighboring routers. If it is not, the LDP session is not formed.

mpls ldp backoff initial-backoff maximum-backoff
  • The initial-backoff parameter is a value between 5 and 2,147,483, with a default of 15 seconds.
  • The maximum-backoff parameter is a value between 5 and 2,147,483, with a default of 120 seconds.

This command slows down the LDP session setup attempts of two LDP LSRs when the two neighboring LDP peers are incompatible in terms of the parameters they exchange. If the session setup attempt fails, the next attempts are undertaken after an exponentially increased time, until the maximum backoff time is reached.

The LDP session keepalive timer is configured with mpls ldp holdtime seconds. You can configure the value of the Hold time to be between 15 and 2,147,483 seconds, with a default of 180 seconds.

show mpls ldp parameters

LDP Neighbor Hold Time and KA Interval

show mpls ldp neighbor detail

mpls ldp discovery transport-address {interface | ip-address}

When a router has multiple links toward another LDP router, the same transport address must be advertised on all the parallel links that use the same label space.
When the per-platform label space is the only label space used between a pair of LSRs, one LDP session suffices.
Interfaces belong to the per-platform label space when they are frame-mode interfaces. Interfaces that are not frame-mode interfaces—such as LC-ATM interfaces—have a per-interface label space. With per-interface label space, each label binding has relevance only to that interface. Therefore, for each interface that has a per-interface label space, one LDP session must exist between the pair of routers.
In UD advertisement mode, the LDP peer distributes the label bindings unsolicited to its LDP peers. However, the label bindings are a set of (LDP Identifier, label) per prefix. An LDP router receives multiple label bindings for each prefix—namely, one per LDP peer.

Label Information Base (LIB)

show mpls ldp bindings
show mpls ip binding

The advantage of the command show mpls ip binding is that it also shows which label from all possible remote bindings is used to forward traffic by indicating inuse.

When an LDP peer advertises a label binding, the receiving LDP peers keep it until the LDP session goes down or until the label is withdrawn.

debug mpls ldp messages received
debug mpls ldp bindings
debug mpls ldp

In older Cisco IOS software (pre-12.0(21)ST), the default behavior was not to send a Label Withdraw message to withdraw the label before advertising the new label for the FEC. The new label advertisement was also an implicit label withdraw. If you want to keep the old behavior, you must configure the command mpls ldp neighbor 10.200.254.5 implicit-withdraw.
The advantage of this command is the avoidance of sending the Label Withdraw messages, which equates to less overhead.

Targeted LDP

For LDP neighbors that are not directly connected, the LDP neighborship needs to be configured manually on both the routers with the following command:

mpls ldp neighbor [vrf vpn-name] ip-addr targeted

With a targeted LDP session and an alternative path to get the LDP TCP packets from one LSR to the other, the LDP session stays up when the link between the two LSRs goes down.

mpls ldp discovery {hello {holdtime | interval } seconds | targeted-hello {holdtime | interval } seconds | accept [from acl ]}

You can configure on both routers the LDP neighbor as targeted. Another way of achieving the same result is to configure the targeted LDP neighbor on one router only and to configure the other router to accept targeted LDP sessions from specific LDP routers. You do this by configuring the following command:

mpls ldp discovery targeted-hello accept [from acl]

To prevent just any router from setting up an LDP session with this router, you can use the command with an access list.

LDP sessions are TCP sessions. TCP sessions can be attacked by spoofed TCP segments. To protect LDP against such attacks, you can use Message Digest 5 (MD5) authentication.

mpls ldp neighbor [vrf vpn-name ] ip-addr password [0-7] pswd-string
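
A check for the two protections described above (an access list on targeted-hello accept and an MD5 password per LDP neighbor), as an added example that is not part of the original notes. The running-config excerpt is constructed for illustration, and the name audit_ldp is an assumption of this example.

```python
import re

# Constructed running-config excerpt for illustration (not from the original page).
SAMPLE_CONFIG = """\
mpls ldp neighbor 10.200.254.4 targeted
mpls ldp neighbor 10.200.254.4 password 7 EXAMPLE-HASH
mpls ldp neighbor 10.200.254.5 targeted
mpls ldp neighbor vrf CUST-A 192.0.2.9 labels accept 20
mpls ldp discovery targeted-hello accept
"""

NEIGHBOR_RE = re.compile(r"^mpls ldp neighbor (?:vrf (\S+) )?(\S+) (\S+)")
ACCEPT_RE = re.compile(r"^mpls ldp discovery targeted-hello accept(?: from (\S+))?\s*$")
ACL_RE = re.compile(r"^(?:access-list|ip access-list standard) (\S+)")


def audit_ldp(config: str) -> list[str]:
    """Report LDP peers without an MD5 password and unrestricted targeted-hello accept."""
    neighbors = {}     # (vrf, ip) -> keywords configured for that peer
    accept_acls = []   # ACL name, or None, for each 'targeted-hello accept' line
    acls = set()       # access lists defined in this config
    for raw in config.splitlines():
        line = raw.strip()
        if m := NEIGHBOR_RE.match(line):
            vrf, ip, keyword = m.groups()
            neighbors.setdefault((vrf or "global", ip), set()).add(keyword)
        elif m := ACCEPT_RE.match(line):
            accept_acls.append(m.group(1))
        elif m := ACL_RE.match(line):
            acls.add(m.group(1))

    findings = []
    for (vrf, ip), keywords in sorted(neighbors.items()):
        if "password" not in keywords:
            findings.append(f"{vrf}/{ip}: no MD5 password configured")
    for acl in accept_acls:
        if acl is None:
            findings.append("targeted-hello accept: no ACL, any router may initiate")
        elif acl not in acls:
            findings.append(f"targeted-hello accept: ACL {acl} is not defined")
    return findings


if __name__ == "__main__":
    for finding in audit_ldp(SAMPLE_CONFIG):
        print(finding)
```
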
mpls ldp advertise-labels [vrf vpn-name] [interface interface | for prefix-access-list [to peer-access-list]]

You do not have to clear the LDP neighbor to which you apply the mpls ldp advertise-labels command for it to take effect.

show mpls ldp bindings advertisement-acls
show mpls ldp bindings neighbor 10.200.254.4 detail

Following is the command to enable the inbound label binding filtering:

mpls ldp neighbor [vrf vpn-name] nbr-address labels accept acl

mpls ldp neighbor labels accept

Every interface on which the IGP is running then has LDP enabled. The OSPF router command to enable LDP Autoconfiguration is:

mpls ldp autoconfig [area area-id]

The interface command to disable LDP Autoconfiguration on an interface is:

no mpls ldp igp autoconfig

show mpls interfaces detail
show mpls ldp discovery detail

MPLS LDP-IGP Synchronization

This feature ensures that the link is not used to forward (unlabeled) traffic when the LDP session across the link is down. Rather, the traffic is forwarded out another link where the LDP session is still established.

How MPLS LDP-IGP Synchronization Works

When the MPLS LDP-IGP synchronization is active for an interface, the IGP announces that link with maximum metric until the synchronization is achieved, or until the LDP session is running across that interface. No path through the interface where LDP is down is used unless it is the only path. (No other paths have a better metric.) After the LDP session is established and label bindings have been exchanged, the IGP advertises the link with its normal IGP metric. At that point, the traffic is label-switched across that interface. Basically, OSPF does not form an adjacency across a link if the LDP session is not established first across that link. (OSPF does not send out Hellos on the link.)

Suppose router A has only router B as a neighbor, and the LDP router-ID of router B is not reachable, meaning that no route exists for it in the routing table of router A. In that case, the LDP-IGP synchronization detects that the peer is not reachable and lets OSPF bring up the adjacency anyway. In this case, the link is advertised with maximum metric until the synchronization occurs. This makes the path through that link a path of last resort.

mpls ldp sync

You can disable MPLS LDP-IGP Synchronization on one particular interface with no mpls ldp igp sync.

By default, if synchronization is not achieved, the IGP waits indefinitely to bring up the adjacency. You can change this with the global command below:

mpls ldp igp sync holddown msecs

When the OSPF adjacency is up but the LDP session is not, OSPF says “Interface is up and sending maximum metric”.

show mpls ldp igp sync
debug mpls ldp igp sync interface

If the peer is not reachable, as in the example below, the IGP forms an adjacency anyway to give LDP the opportunity to build an LDP session across that link. This happens when this link is the only path (still working) to the peer router.

debug mpls ldp igp sync interface

When the directly connected link goes down between the two LSRs, the targeted LDP session is kept up as long as an alternative path exists between the two LSRs.

mpls ldp session protection [vrf vpn-name] [for acl] [duration seconds]

The access list (acl) you configure lets you specify the LDP peers that should be protected. It should hold the LDP Router Identifier of the LDP neighbors that need protection. The duration is the time that the protection (the targeted LDP session) should remain in place after the LDP link adjacency has gone down. The default value is infinite. For the protection to work, you need to enable it on both the LSRs. If this is not possible, you can enable it on one LSR, and the other LSR can accept the targeted LDP Hellos by configuring the following command:

mpls ldp discovery targeted-hello accept

LDP Graceful Restart

LDP Graceful Restart specifies a mechanism for LDP peers to preserve the MPLS forwarding state when the LDP session goes down. As such, traffic can continue to be forwarded without interruption, even when the LDP session restarts.

Author: Mo Moghaddas
