beautypg.com

Configuring ldp md5 authentication, Configuring ldp label filtering – H3C Technologies H3C S10500 Series Switches User Manual

Page 74

background image

63

NOTE:

The loop detection modes configured on two LDP peers must be the same. Otherwise, the LDP session
cannot be established.

To implement loop detection in an MPLS domain, you must enable loop detection on every LSR in the
MPLS domain.

Configure loop detection before enabling LDP capability on any interface.

All loop detection configurations take effect for only the LSPs established after the configurations.
Changing the loop detection configurations does not affect existing LSPs. You can execute the reset mpls

ldp command in user view, so that the loop detection configurations also take effect for existing LSPs.

LDP loop detection can result in LSP update, which will generate redundant information and consume
many system resources. H3C recommends configuring the routing protocol’s loop detection mechanism.

Configuring LDP MD5 authentication

LDP sessions are established based on TCP connections. To improve the security of LDP sessions, you can

configure MD5 authentication for the underlying TCP connections, so that the TCP connections can be

established only if the peers have the same authentication password.
Follow these steps to configure LDP MD5 authentication:

To do…

Use the command…

Remarks

Enter system view

system-view

Enter MPLS LDP view

mpls ldp

Enable LDP MD5 authentication
and set the password

md5-password { cipher | plain }
peer-lsr-id password

Required
Disabled by default

NOTE:

To establish an LDP session successfully between two LDP peers, ensure the LDP MD5 authentication
configurations on the LDP peers are consistent.

Configuring LDP label filtering

The LDP label filtering feature provides two mechanisms, label acceptance control for controlling which

labels are accepted and label advertisement control for controlling which labels are advertised. In

complicated MPLS network environments, LDP label filtering can be used to control which LSPs are to be
established dynamically and prevent devices from accepting and advertising excessive label bindings.

1.

Label acceptance control

Label acceptance control is for filtering received label bindings. An upstream LSR filters the label

bindings received from the specified downstream LSR and accepts only those permitted by the specified

prefix list. As shown in

Figure 19

, upstream device LSR A filters the label bindings received from

downstream device LSR B. Only if the destination address of an FEC matches the specified prefix list,

does LSR A accept the label binding of the FEC from LSR B. LSR A does not filter label bindings received

from downstream device LSR C.