Configuring ldp md5 authentication, Configuring ldp label filtering – H3C Technologies H3C S10500 Series Switches User Manual
Page 74
63
NOTE:
•
The loop detection modes configured on two LDP peers must be the same. Otherwise, the LDP session
cannot be established.
•
To implement loop detection in an MPLS domain, you must enable loop detection on every LSR in the
MPLS domain.
•
Configure loop detection before enabling LDP capability on any interface.
•
All loop detection configurations take effect for only the LSPs established after the configurations.
Changing the loop detection configurations does not affect existing LSPs. You can execute the reset mpls
ldp command in user view, so that the loop detection configurations also take effect for existing LSPs.
•
LDP loop detection can result in LSP update, which will generate redundant information and consume
many system resources. H3C recommends configuring the routing protocol’s loop detection mechanism.
Configuring LDP MD5 authentication
LDP sessions are established based on TCP connections. To improve the security of LDP sessions, you can
configure MD5 authentication for the underlying TCP connections, so that the TCP connections can be
established only if the peers have the same authentication password.
Follow these steps to configure LDP MD5 authentication:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter MPLS LDP view
mpls ldp
—
Enable LDP MD5 authentication
and set the password
md5-password { cipher | plain }
peer-lsr-id password
Required
Disabled by default
NOTE:
To establish an LDP session successfully between two LDP peers, ensure the LDP MD5 authentication
configurations on the LDP peers are consistent.
Configuring LDP label filtering
The LDP label filtering feature provides two mechanisms, label acceptance control for controlling which
labels are accepted and label advertisement control for controlling which labels are advertised. In
complicated MPLS network environments, LDP label filtering can be used to control which LSPs are to be
established dynamically and prevent devices from accepting and advertising excessive label bindings.
1.
Label acceptance control
Label acceptance control is for filtering received label bindings. An upstream LSR filters the label
bindings received from the specified downstream LSR and accepts only those permitted by the specified
prefix list. As shown in
, upstream device LSR A filters the label bindings received from
downstream device LSR B. Only if the destination address of an FEC matches the specified prefix list,
does LSR A accept the label binding of the FEC from LSR B. LSR A does not filter label bindings received
from downstream device LSR C.