Configuring ldp md5 authentication, Configuring ldp label filtering, Label acceptance control – H3C Technologies H3C SR8800 User Manual
Page 29
18
NOTE:
•
The loop detection modes configured on two LDP peers must be the same. Otherwise, the LDP session
cannot be established.
•
To implement loop detection in an MPLS domain, you need to enable loop detection on every LSR in the
MPLS domain.
•
You need to configure loop detection before enabling LDP capability on any interface.
•
All loop detection configurations take effect for only the LSPs established after the configurations.
Changing the loop detection configurations does not affect existing LSPs. You can execute the reset mpls
ldp command in user view, so that the loop detection configurations also take effect for existing LSPs.
•
LDP loop detection may result in LSP update, which will generate redundant information and consume
many system resources, H3C recommends configuring the routing protocol’s loop detection mechanism.
Configuring LDP MD5 authentication
LDP sessions are established based on TCP connections. To improve the security of LDP sessions, you can
configure MD5 authentication for the underlying TCP connections, so that the TCP connections can be
established only if the peers have the same authentication password.
To configure LDP MD5 authentication:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter MPLS LDP view.
mpls ldp
N/A
3.
Enable LDP MD5 authentication
and set the password.
md5-password { cipher | plain }
peer-lsr-id password
Disabled by default
NOTE:
To establish an LDP session successfully between two LDP peers, make sure that the LDP MD5
authentication configurations on the LDP peers are consistent.
Configuring LDP label filtering
The LDP label filtering feature provides two mechanisms, label acceptance control for controlling which
labels will be accepted and label advertisement control for controlling which labels will be advertised. In
complicated MPLS network environments, LDP label filtering can be used to control which LSPs are to be
established dynamically and prevent routers from accepting and advertising excessive label bindings.
Label acceptance control
Label acceptance control is for filtering received label bindings. An upstream LSR filters the label
bindings received from the specified downstream LSR and accepts only those permitted by the specified
prefix list. As shown in
, upstream router LSR A filters the label bindings received from
downstream router LSR B. Only if the destination address of an FEC matches the specified prefix list, does
LSR A accept the label binding of the FEC from LSR B. LSR A does not filter label bindings received from
downstream router LSR C.