The (Unofficial) CCNP-SP Study Guide
  • About
    • About the Author
    • About This Study Guide
  • MPLS
    • LDP
      • LDP Transport Address
      • LDP Conditional Advertisement
      • LDP Authentication
      • LDP/IGP Sync
      • LDP Session Protection
    • MPLS-TE
      • MPLS-TE Basics, Pt. 1 (TED)
      • MPLS-TE Basics, Pt.2 (RSVP)
      • MPLS-TE Basics, Pt.3 (CSPF)
      • MPLS-TE Basics, Pt.4 (Routing)
      • MPLS-TE Fast Reroute (FRR)
      • MPLS-TE with OSPF
    • Unified MPLS
    • Segment Routing
      • Introduction, Theory Pt.1
      • Introduction, Lab (OSPF) Pt.2
      • Introduction, Lab (ISIS) Pt. 3
      • Multi-Area/Level Segment Routing
      • Segment Routing using BGP
      • Migrating LDP to SR
      • LDP/SR Interworking
      • TI-LFA Pt. 1 (Theory)
      • TI-LFA Pt. 2 (Implementation)
      • TI-LFA Pt. 3 (Node and SRLG Protection)
      • SR-TE Pt. 1 (Overview)
      • SR-TE Pt. 2 (Creating an SR-TE Policy)
      • SR-TE Pt. 3 (Using a PCE)
      • SR-TE Pt. 4 (Automated Steering)
      • SR-TE Pt. 5 (On-Demand Nexthop)
      • SR-TE Pt. 6 (Flex Algo)
    • MPLS OAM
      • Classic Traceroute Behavior in MPLS Networks
      • LSP Ping
      • LSP Traceroute
  • Routing
    • BGP
      • BGP Synchronization
      • BGP Load Sharing (Multipath)
      • An Intuitive Look at Path Attributes
      • AS Path Prepending on XE and XR
      • RPL
    • BGP Security
      • BGP TTL Security, Pt. 1
      • BGP TTL Security, Pt. 2 (IOS-XE)
      • BGP TTL Security, Pt. 3 (IOS-XR)
      • BGP MD5 Authentication
      • BGP Maximum Prefixes
      • BGP RFD (Route Flap Dampening)
      • RTBH
      • Flowspec
      • BGPsec
    • L3VPN
      • An In-Depth Look at RD and RT, Pt. 1
      • An In-Depth Look at RD and RT, Pt. 2
      • An In-Depth Look at RD and RT, Pt. 3
      • An In-Depth Look at RD and RT, Pt. 4
      • Inter-AS L3VPN Pt. 1, Overview
      • Inter-AS L3VPN Pt. 2, Option A
      • Inter-AS L3VPN Pt. 3, Option B
      • Inter-AS L3VPN Pt. 4, Option C
      • CSC (Carrier Supporting Carrier)
      • PE NAT
    • OSPF
      • Type 7 to Type 5 Translation
      • OSPF Authentication
      • Troubleshooting OSPF Adjacencies
      • OSPFv3 LSA Types
      • OSPFv3 LSAs Example (Single Area)
    • ISIS
      • The Potential for Asymmetric Routing with Multi-Area ISIS
      • Interarea Routing is Distance-Vector
      • Basic ISIS - LSPDB
      • Multitopology
      • What is the role of CLNS and CLNP in ISIS?
      • Troubleshooting ISIS Adjacencies
    • IPv6 Transition
      • Overview
      • NAT64
      • 6to4
      • 6RD (IPv6 Rapid Deployment)
      • DS Lite (Dual Stack Lite)
      • MAP (Mapping of Address and Port)
      • Tunneling IPv6 Dynamic Routing Protocols over IPv4
    • Multicast
      • Introduction
      • IP and MAC Addressing
      • Tree Formation and Packet Forwarding
      • IGMP
      • PIM-DM (Dense Mode)
      • PIM-SM (Sparse Mode)
      • PIM-SM SPT Switchover
      • PIM-SM Tunnel Interfaces
      • PIM DR and the Assert Message
      • PIM-SM RP Discovery
      • PIM-BiDir
      • PIM-SSM (Source-Specific Multicast)
      • Interdomain Multicast (PIM-SM)
      • IPv6 Multicast
      • mVPN Introduction
      • mVPN Profile 0
      • mVPN Profile 1
      • Multicast Routing on IOS-XR
  • L2VPN & Ethernet
    • IOS-XE Ethernet Services
      • Service Instances
      • E-Line
      • E-LAN (VPLS)
      • E-Tree
      • E-Access
      • VPLS with BGP Autodiscovery
      • Martini/Kompella Circuits
    • EVPN
      • Introduction to EVPN
      • Learning EVPN VXLAN First
      • E-Line (EVPN VPWS)
      • E-Line (EVPN VPWS) on IOS-XR
      • E-Line (EVPN VPWS) Multi-Homed
      • E-LAN (EVPN Single-Homed)
    • Carrier Ethernet
      • 802.1ah (MAC-in-MAC)
      • 802.3ah (Ethernet OAM)
      • 802.1ag (CFM)
      • Cisco REP (Resilient Ethernet Protocol)
      • ITU G.8032 ERPS (Ethernet Ring Protection Switching)
  • Security
    • CoPP (Control Plane Policing)
    • LPTS (Local Packet Transport Services)
  • Misc
    • QoS
      • QoS Introduction (Part 1)
      • QoS Tools Overview and QoS Models (Part 2)
      • QoS Classification and Marking (Part 3)
      • QoS Queuing/Congestion Management (Part 4)
      • QoS Shaping and Policing (Part 5)
      • QoS for IPv6
      • MPLS QoS Basics
      • MPLS QoS Modes
      • MPLS TE QoS (DS-TE)
      • MPLS TE CBTS/PBTS
    • Automation and Assurance
      • NSO
      • NSO Command Cheat Sheet
      • Intro to YANG/NETCONF
      • YANG In-Depth
      • NETCONF In-Depth
      • RESTCONF
      • Model-Driven Telemetry
      • Automation Tool Comparison
      • Netflow
      • SNMP
    • Virtualization
      • NFV (Network Function Virtualization)
      • OpenStack
    • Transport
      • xPON
      • SONET/SDH
      • WDM
      • 4G and 5G RAN
    • High Availability (HA)
      • NSF/GR
      • NSR
      • NSF/NSR Whitepapers
      • BFD
      • Link Aggregation on IOS-XE
      • Link Aggregation on IOS-XR
    • IOS Software Overview
  • Labs
    • Lab Challenges
      • How to Use These Labs
      • Basic LDP
      • Advanced LDP
      • BGP Security
      • Unified MPLS
      • BGP Fundamentals
      • Ethernet Services
      • L3VPN Extranet
      • Multicast
      • Inter-area OSPF
      • ISIS
      • MPLS-TE
      • Control Plane Policing
      • QoS
Powered by GitBook
On this page
  • Key Terms
  • Optimizing label allocation
  • Lab
  • IGP Prefix Suppression
  1. MPLS
  2. LDP

LDP Conditional Advertisement

Key Terms

This will be a short article on configuring conditional label advertisement in LDP. We’ll start with defining some key terms regarding how LDP advertises labels by default.

LDP operates in downstream unsolicited mode. This means that the LSR doesn’t wait for its LDP neighbor to request a label for a FEC. Instead, the LSR sends bindings for all routes that it has to all of its LDP neighbors.

In comparison, RSVP-TE operates in downstream on demand mode. This is because labels are only advertised when requestsed using a PATH message. A router won’t advertise a label for a FEC “on its own.” It only does so when the headend requests the path be setup.

LDP also operates in liberal retention mode, meaning each router stores all labels received by all neighbors, even if the neighbor is not currently the next-hop for the route.

You can view all stored labels in the FIB, by using the command show mpls ldp bindings. You can view the in-use labels in the LFIB, by using show mpls forwarding. These are the labels advertised by the next-hop for the route. The relationship between the FIB and LFIB is roughly similar to the way the BGP table stores all routes from all neighbors, but only the best route is sent to the RIB.

Optimizing label allocation

By default LDP will allocate a label for every IGP prefix, including connected interfaces that are part of the IGP. Often this is not really necessary, because in most topologies, every LSP will be terminating on the loopback of the egress PE. It is not really necessary to have a label for the IP of a physical interface, because the physical interface itself is never the destination of an LSP.

Lab

We’ll use the L3VPN lab topology from the RD/RT articles:

Refer to that article here if you want a reference to set up the base configs. We will use OSPF and enable LDP on all core interfaces.

Let’s examine the FIB of P3:

P3#show mpls ldp bindings 
  lib entry: 1.1.1.1/32, rev 2
        local binding:  label: 16
        remote binding: lsr: 1.1.1.1:0, label: imp-null
        remote binding: lsr: 2.2.2.2:0, label: 24000
  lib entry: 2.2.2.2/32, rev 10
        local binding:  label: 17
        remote binding: lsr: 2.2.2.2:0, label: imp-null
        remote binding: lsr: 1.1.1.1:0, label: 18
  lib entry: 3.3.3.3/32, rev 4
        local binding:  label: imp-null
        remote binding: lsr: 1.1.1.1:0, label: 16
        remote binding: lsr: 2.2.2.2:0, label: 24001
  lib entry: 10.1.3.0/24, rev 6
        local binding:  label: imp-null
        remote binding: lsr: 1.1.1.1:0, label: imp-null
        remote binding: lsr: 2.2.2.2:0, label: 24002
  lib entry: 10.2.3.0/24, rev 8
        local binding:  label: imp-null
        remote binding: lsr: 1.1.1.1:0, label: 17
        remote binding: lsr: 2.2.2.2:0, label: imp-null

The bindings for 10.1.3.0/24 and 10.2.3.0/24 serve no purpose in our topology. The LSPs for the L3VPN traffic terminate on the PE1 and PE2 loopbacks, so storing the labels for these /24s is just a waste of memory.

We can control the advertisement of labels in LDP. To do this we have to configure the router to stop advertising all labels, and configure the router to only advertise labels matching an ACL. This is a little confusing at first, but makes sense if you think about the fact that LDP advertises all labels by default. So if you simply advertise the labels matching the ACL, you are still advertising all other labels. It makes more sense once you see the config:

#PE1
ip access-list standard LOOPBACKS
 permit 1.1.1.1
!
ip access-list standard NEIGHBORS
 permit any
!
mpls ldp advertise-labels for LOOPBACKS to NEIGHBORS


#P3
ip access-list standard LOOPBACKS
 permit 1.1.1.1
 permit 2.2.2.2
 permit 3.3.3.3
!
ip access-list standard NEIGHBORS
 permit any
!
mpls ldp advertise-labels for LOOPBACKS to NEIGHBORS
no mpls ldp advertise-labels

#PE2
ipv4 access-list LOOPBACKS
 permit ipv4 host 2.2.2.2 any
!
ipv4 access-list NEIGHBORS
 permit ipv4 any any
!
mpls ldp address-family ipv4 label local advertise for LOOPBACKS to NEIGHBORS
mpls ldp address-family ipv4 label local advertise disable

Let’s examine the LIB on P3:

P3#show mpls ldp bindings 
  lib entry: 1.1.1.1/32, rev 2
        local binding:  label: 16
        remote binding: lsr: 1.1.1.1:0, label: imp-null
  lib entry: 2.2.2.2/32, rev 10
        local binding:  label: 17
        remote binding: lsr: 2.2.2.2:0, label: imp-null
  lib entry: 3.3.3.3/32, rev 4
        local binding:  label: imp-null
  lib entry: 10.1.3.0/24, rev 6
        local binding:  label: imp-null
  lib entry: 10.2.3.0/24, rev 8
        local binding:  label: imp-null

Now there are no remote bindings for the /24s, but there are still local bindings. There is a better way that we can configure this, which is to limit the local label allocation to only /32 prefixes. Right now we still allocate labels for all prefixes, but limit which bindings we advertise. The benefit of limiting local allocation is that it is a more elegant solution as well.

#PE1
mpls ldp advertise-labels
no mpls ldp advertise-labels for LOOPBACKS to NEIGHBORS
mpls ldp label
 allocate global host-routes

#P3
mpls ldp advertise-labels
no mpls ldp advertise-labels for LOOPBACKS to NEIGHBORS
mpls ldp label
 allocate global host-routes

#PE2
no mpls ldp address-family ipv4 label local advertise for LOOPBACKS to NEIGHBORS
no mpls ldp address-family ipv4 label local advertise disable
mpls ldp address-family ipv4 label local allocate for host-routes

Now there are no local bindings for the /24s, and we didn’t have to configure and maintain ACLs!

P3#show mpls ldp bindings 
  lib entry: 1.1.1.1/32, rev 2
        local binding:  label: 16
        remote binding: lsr: 1.1.1.1:0, label: imp-null
        remote binding: lsr: 2.2.2.2:0, label: 24000
  lib entry: 2.2.2.2/32, rev 10
        local binding:  label: 17
        remote binding: lsr: 2.2.2.2:0, label: imp-null
        remote binding: lsr: 1.1.1.1:0, label: 18
  lib entry: 3.3.3.3/32, rev 4
        local binding:  label: imp-null
        remote binding: lsr: 1.1.1.1:0, label: 16
        remote binding: lsr: 2.2.2.2:0, label: 24001
  lib entry: 10.1.3.0/24, rev 11
        no local binding
  lib entry: 10.2.3.0/24, rev 12
        no local binding

Do you notice anything else that is different? Now PE1 and PE2 advertise labels for all /32s, not just their own. (Of course, we controlled the ACLs, so we could have added all /32s to the prefix list). This is allows for FRR (fast re-route), which isn’t a possibility in this particular topology, but could be in other topologies. A router should advertise labels for all /32s for which it is a next-hop in its neighbor’s RIB. Additionally the router should advertise labels for /32s which it could become the neighbor’s nexthop upon link or node failure in the network. Therefore it’s probably easiest to just let each router advertise labels for all /32s altogether, instead of maintaining an ACL of all necessary loopbacks.

IGP Prefix Suppression

While there are no bindings for the /24s any more, they are still in the routing table. The IGP still advertises them, but did you know that we can get rid of these as well?

Currently PE2 has 10.1.3.0/24 in its routing table, but there’s no need for it:

RP/0/0/CPU0:PE2#show route ospf
Thu Jul 21 03:30:51.970 UTC

O    1.1.1.1/32 [110/3] via 10.2.3.3, 3d11h, GigabitEthernet0/0/0/0
O    3.3.3.3/32 [110/2] via 10.2.3.3, 3d11h, GigabitEthernet0/0/0/0
O    10.1.3.0/24 [110/2] via 10.2.3.3, 00:23:42, GigabitEthernet0/0/0/0

Using the prefix-suppression feature in OSPF, we can tell the router to suppress the subnets for the transit links, and only advertise the loopbacks.

#PE1, P3, PE2
router ospf 1
 prefix-suppression

The /24 is no longer in PE2’s routing table:

RP/0/0/CPU0:PE2#show route ospf
Thu Jul 21 03:34:30.535 UTC

O    1.1.1.1/32 [110/3] via 10.2.3.3, 3d11h, GigabitEthernet0/0/0/0
O    3.3.3.3/32 [110/2] via 10.2.3.3, 3d11h, GigabitEthernet0/0/0/0

You might wonder, how does PE2 know to use 10.2.3.3 for the next hop if 10.2.3.0/24 is no longer advertised in OSPF? The answer is that P3 advertises the IP address of its interface in the router LSA:

show ospf data router adv-router 3.3.3.3
<snip>
Link connected to: a Stub Network
     (Link ID) Network/subnet number: 3.3.3.3
     (Link Data) Network Mask: 255.255.255.255
      Number of TOS metrics: 0
       TOS 0 Metrics: 1

    Link connected to: another Router (point-to-point)
     (Link ID) Neighboring Router ID: 2.2.2.2
     
      Number of TOS metrics: 0
       TOS 0 Metrics: 1

PE2 uses the interface address it learns from this LSA as the nexthop in its own RIB for prefixes reachable via P3. When you have dozens of transit links, this can make a big difference to the aesthetic of the routing table, and can ease troubleshooting.

PreviousLDP Transport AddressNextLDP Authentication

Last updated 1 year ago