Basic MPLS LDP Configuration
ip cef mpls ldp router-id Loopback0 [force] mpls label protocol ldp
224.0.0.2 group IP multicast address. The UDP port used for LDP is 646.
LDP Discovery
LDP discovery timers manipulation
mpls ldp discovery {hello {holdtime | interval } seconds
The default value for holdtime is 15 seconds for link Hello messages, and the default value for interval is 5 seconds.
If the two LDP peers have different LDP Hold times configured, the smaller of the two values is used as the Hold time for that LDP discovery source.
Cisco IOS might overwrite the configured LDP Hello interval. It will choose a smaller LDP Hello interval than configured so that it can send at least three LDP Hellos before the Hold time expires. (At least nine Hellos are sent in the case of a targeted LDP session)
The highest IP address of the loopback interfaces is taken for the LDP router-ID. If no loopback interfaces exist, the highest IP address of an interface is taken.
mpls ldp router-id interface [force]
Without
forcekeyword, the LDP router-ID is changed only the next time it is necessary to select the router ID after configuring this command. This happens when the interface that determines the current LDP router-ID is shut down.
Note: In Cisco IOS, the MPLS LDP router-ID needs to be present in the routing table of the LDP neighboring routers. If it is not, the LDP session is not formed.
mpls ldp backoff initial-backoff maximum-backoff
- The
initial-backoffparameter is a value between 5 and 2,147,483, with a default of 15 seconds. - The
maximum-backoffis a value between 5 and 2,147,483, with a default of 120 seconds. This command slows down the LDP session setup attempts of two LDP LSRs, when the two neighboring LDP peers are incompatible in terms of the parameters they exchange. If the session setup attempt fails, the next attempts are undertaken at an exponentially increased time, until the maximum backoff time is reached.
LDP session keepalive timer is mpls ldp holdtime seconds You can configure the value of the Hold time to be between 15 and 2,147,483 seconds, with a default of 180 seconds.
LDP Neighbor Hold Time and KA Interval
mpls ldp discovery transport-address {interface | ip-address}
When a router has multiple links toward another LDP router, the same transport address must be advertised on all the parallel links that use the same label space.
When the per-platform label space is the only label space used between a pair of LSRs, one LDP session suffices.
Interfaces belong to the per-platform label space when they are frame-mode interfaces. Interfaces that are not frame-mode interfaces—such as LC-ATM interfaces—have a per-interface label space. With per-interface label space, each label binding has relevance only to that interface. Therefore, for each interface that has a per-interface label space, one LDP session must exist between the pair of routers.
In UD advertisement mode, the LDP peer distributes the label bindings unsolicited to its LDP peers. However, the label bindings are a set of (LDP Identifier, label) per prefix. An LDP router receives multiple label bindings for each prefix—namely, one per LDP peer.
Label Information Base (LIB)
The advantage of the command show mpls ip binding is that it also shows which label from all possible remote bindings is used to forward traffic by indicating inuse.
When an LDP peer advertises a label binding, the receiving LDP peers keep it until the LDP session goes down or until the label is withdrawn.
debug mpls ldp messages received debug mpls ldp bindings
In older Cisco IOS softwares (pre 12.0(21)ST), the default behavior was not to send a Label Withdraw message to withdraw the label before advertising the new label for the FEC. The new label advertisement was also an implicit label withdraw. If you want to keep the old behavior, you must configure the command mpls ldp neighbor 10.200.254.5 implicit-withdraw.
The advantage of this command is the avoidance of sending the Label Withdraw messages, which equates to less overhead.
Targeted LDP
For LDP neighbors that are not directly connected, the LDP neighborship needs to be configured manually on both the routers with the following command:
mpls ldp neighbor targeted
With a targeted LDP session and an alternative path to get the LDP TCP packets from one LSR to the other, the LDP session stays up when the link between the two LSRs goes down.
mpls ldp discovery {hello {holdtime | interval } seconds | targeted-hello {holdtime | interval } seconds | accept [from acl ]}
You can configure on both routers the LDP neighbor as targeted. Another way of achieving the same result is to configure the targeted LDP neighbor on one router only and to configure the other router to accept targeted LDP sessions from specific LDP routers. You do this by configuring the following command:
mpls ldp discovery targeted-hello accept [from acl]
To prevent just any router from setting up an LDP session with this router, you can use the command with an access list.
LDP sessions are TCP sessions. TCP sessions can be attacked by spoofed TCP segments. To protect LDP against such attacks, you can use Message Digest 5 (MD5) authentication.
mpls ldp neighbor [vrf vpn-name ] ip-addr password [0-7] pswd-string
mpls ldp advertise-labels [vrf vpn-name ] [ interface interface | for prefix-access-list [to peer- access-list ]]
You do not have to clear the LDP neighbor to which you apply the mpls ldp advertise-labels command for it to take effect.
Following is the command to enable the inbound label binding filtering:
mpls ldp neighbor [vrf vpn-name] nbr-address labels accept acl
Every interface on which the IGP is running then has LDP enabled. The OSPF router command to enable LDP Autoconfiguration is:
mpls ldp autoconfig [area area-id]
The interface command to disable LDP Autoconfiguration on an interface is:
no mpls ldp igp autoconfig
MPLS LDP-IGP Synchronization
This feature ensures that the link is not used to forward (unlabeled) traffic when the LDP session across the link is down. Rather, the traffic is forwarded out another link where the LDP session is still established.
How MPLS LDP-IGP Synchronization Works
When the MPLS LDP-IGP synchronization is active for an interface, the IGP announces that link with maximum metric until the synchronization is achieved, or until the LDP session is running across that interface. No path through the interface where LDP is down is used unless it is the only path. (No other paths have a better metric.) After the LDP session is established and label bindings have been exchanged, the IGP advertises the link with its normal IGP metric. At that point, the traffic is label-switched across that interface. Basically, OSPF does not form an adjacency across a link if the LDP session is not established first across that link. (OSPF does not send out Hellos on the link.)
If router A has only router B as a neighbor, and the LDP router-ID of router B is not reachable; this means that no route exists for it in the routing table of router A. In that case, the LDP-IGP synchronization detects that the peer is not reachable and lets OSPF bring up the adjacency anyway. In this case, the link is advertised with maximum metric until the synchronization occurs. This makes the path through that link a path of last resort.
mpls ldp sync
You can disable MPLS LDP-IGP Synchronization on one particular interface with no mpls ldp igp sync .
By default, if synchronization is not achieved, the IGP waits indefinitely to bring up the adjacency. You can change this with the global command below:
mpls ldp igp sync holddown msecs
When the OSPF adjacency is up but the LDP session is not, OSPF says “Interface is up and sending maximum metric”
show ip ospf mpls ldp interface serial 4/0 mpls ldp igp sync holddown 30000
If the peer is not reachable, as in Example below, the IGP forms an adjacency anyway to give LDP the opportunity to build an LDP session across that link. This happens when this link is the only path (still working) to the peer router.
When the directly connected link goes down between the two LSRs, the targeted LDP session is kept up as long as an alternative path exists between the two LSRs.
mpls ldp session protection [vrf vpn-name] [for acl] [duration seconds]
The access list (acl) you configure lets you specify the LDP peers that should be protected. It should hold the LDP Router Identifier of the LDP neighbors that need protection. The duration is the time that the protection (the targeted LDP session) should remain in place after the LDP link adjacency has gone down. The default value is infinite. For the protection to work, you need to enable it on both the LSRs. If this is not possible, you can enable it on one LSR, and the other LSR can accept the targeted LDP Hellos by configuring the following command
mpls ldp discovery targeted–hello accept
LDP Graceful Restart
It specifies a mechanism for LDP peers to preserve the MPLS forwarding state when the LDP session goes down. As such, traffic can continue to be forwarded without interruption, even when the LDP session restarts.
