beautypg.com

Ldp inbound-fec filtering, Configuring ldp inbound fec filtering, Configuration considerations – Brocade Multi-Service IronWare Multiprotocol Label Switch (MPLS) Configuration Guide (Supporting R05.6.00) User Manual

Page 323: Enabling ldp inbound fec filtering

background image

Multi-Service IronWare Multiprotocol Label Switch (MPLS) Configuration Guide

299

53-1003031-02

LDP Inbound-FEC filtering

2

LDP Inbound-FEC filtering

MPLS LDP inbound-FEC filtering filters inbound label bindings on a MPLS router. The user can
control the amount of memory and CPU processing involved in installing and advertising label
bindings not used for forwarding.

MPLS LDP inbound-FEC filtering also serves as a tool to avoid DOS attack. By creating a prefix-list,
and specifying prefixes label mappings, the forwarding plane accepts and installs the label
bindings.

The prefix-list is applied to an individual LDP session or globally to all the LDP sessions.

Configuration Considerations

The FECs filtered by LDP inbound-FEC filter do not install in the forwarding plane or advertise to
the upstream neighbors. The FEC remains in the retained state.

The LDP inbound-FEC filter are changed directly without deleting the one previously
configured. The change automatically applies and triggers the filtering of inbound FECs.

Changes to a referenced prefix-list automatically applies to LDP inbound-FEC filtering. This
triggers filtering by way of the new configuration, filtering any existing FECs which violate the
filter.

In order to allow multiple route filter updates, the device waits for default 10 seconds before
notifying the application of the filter change. The time for notification is configurable.

When the LDP inbound-FEC filter is not configured, LDP does not filter any inbound FECs.

By default, when the prefix-list referenced by the LDP inbound-FEC filter has no configuration, it
is an implicit deny. All inbound FECs are filtered out and retained. The behavior is the same
when the prefix list is deleted after setting it in the inbound FEC filter configuration. This
behavior is consistent with other protocols which use device filters and also with the use of the
advertise-labels command for LDP route injection.

Inbound FEC filtering is applicable only for L3 FECs and not for VC FECs. Inbound FEC filtering
is not applicable for L2VPNs.

Configuring LDP inbound FEC filtering

Enabling LDP inbound FEC filtering

To enable LDP inbound FEC filtering, enter commands such as the following:

Brocade(config)# router

Brocade(config-mpls)# ldp

Brocade(config-mpls-ldp)# filter-fec list-abc in

To set LDP to accept inbound FEC 10.20.20.0/24 and filter out all others FECs, enter commands
such as the following:

Brocade(config)# ip prefix-list list-abc permit 10.20.20.0/24

Brocade(config)# router mpls

Brocade(config-mpls)# ldp

Syntax: [no] filter-fec prefix-list in

See also other documents in the category Brocade Computer Accessories: