5 md5 password protection, 6 using ldp filters, Md5 password protection -24 – Riverstone Networks WICT1-12 User Manual

Page 332: Using ldp filters -24


17-24 Riverstone Networks RS Switch Router User Guide Release 8.0

LDP Configuration

MPLS Configuration

17.4.5 MD5 Password Protection

Since LDP uses TCP as its transport, you can use the IETF standard MD5 signature option to protect LDP session connections. Use the ldp set md5-password command to set an MD5 password on a per-router, per-interface, or per-peer basis.
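The digest that the TCP MD5 signature option (RFC 2385) carries in every segment, computed by a sender and checked by a receiver. This is an added example, not code from the Riverstone guide or the RS software; the source address 100.100.100.101, the ports, sequence numbers and payload are constructed sample values, while the password and peer address are the ones used in this section's command example.

```python
import hashlib
import hmac
import socket
import struct

MD5SIG_KIND, MD5SIG_LEN = 19, 18   # RFC 2385 option: kind, total length


def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, password):
    """RFC 2385 digest over pseudo-header, fixed header, data, password."""
    segment_len = (tcp_header[12] >> 4) * 4 + len(payload)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, segment_len))
    fixed = bytearray(tcp_header[:20])               # options are not hashed
    fixed[16:18] = b"\x00\x00"                       # checksum hashed as zero
    return hashlib.md5(pseudo + bytes(fixed) + payload + password).digest()


def sign_header(src_ip, dst_ip, fixed_header, payload, password):
    """Sender: append option 19 plus two bytes of padding (40-byte header)."""
    hdr = bytearray(fixed_header)
    hdr[12] = (10 << 4) | (hdr[12] & 0x0F)           # data offset = 10 words
    digest = tcp_md5_digest(src_ip, dst_ip, bytes(hdr), payload, password)
    return bytes(hdr) + bytes([MD5SIG_KIND, MD5SIG_LEN]) + digest + b"\x01\x00"


def verify_segment(src_ip, dst_ip, tcp_header, payload, password):
    """Receiver: locate option 19 and compare digests in constant time."""
    opts = tcp_header[20:(tcp_header[12] >> 4) * 4]
    i = 0
    while i < len(opts) and opts[i] != 0:            # 0 = end of option list
        if opts[i] == 1:                             # 1 = NOP, single byte
            i += 1
            continue
        length = opts[i + 1] if i + 1 < len(opts) else 0
        if length < 2 or i + length > len(opts):
            return False                             # malformed option
        if opts[i] == MD5SIG_KIND and length == MD5SIG_LEN:
            want = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, password)
            return hmac.compare_digest(opts[i + 2:i + 18], want)
        i += length
    return False                                     # no signature: reject

# Constructed sample: a PSH+ACK data segment to LDP's TCP port 646.
SRC, DST = "100.100.100.101", "100.100.100.102"      # SRC is an assumed address
FIXED = struct.pack("!HHIIBBHHH", 49152, 646, 1000, 2000, 5 << 4, 0x18, 8192, 0, 0)
PAYLOAD = b"constructed LDP PDU bytes"
SIGNED = sign_header(SRC, DST, FIXED, PAYLOAD, b"p55717")
```

A segment fails verification if the password differs, if the payload or either address changes in transit, or if the option is missing altogether, so both ends of the LDP session must be configured with the same password.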

For example, the following command sets the MD5 password ‘p55717’ for LDP sessions with the peer 100.100.100.102:

    ldp set md5-password p55717 peer 100.100.100.102

In the above example, if you omit the peer keyword and IP address, the MD5 password is applied to all LDP sessions on the router.

17.4.6 Using LDP Filters

With MPLS, there is no way to restrict which FECs are or are not bound to labels. You can, however, create and apply LDP filters that restrict the label bindings that are sent from downstream LSRs to upstream LSRs. You can also create and apply LDP filters that restrict the label requests that an upstream LSR can send to a downstream LSR.

If an upstream LSR does not have label binding information for a specific FEC, it will route packets based on information in the IP routing table. However, if there are several paths of equal cost to the same destination, LDP filters can exclude next-hops from consideration.

On the RS, you can define an LDP filter for:

- outgoing label requests: use the ldp add export-filter request command.
- incoming label requests: use the ldp add import-filter request command.
- outgoing label bindings: use the ldp add export-filter mapping command.
- incoming label bindings: use the ldp add import-filter mapping command.

Note: A filtered incoming label binding will still appear in the LDP input label database (displayed with the ldp show database verbose command) on the local router, but will not be considered for LSP establishment. A filtered outgoing label binding is not advertised to the specified neighbor LSR, although it will still be advertised to other LDP neighbors and considered by the local router for LSP establishment.