LDP MD5 Password For Auto Targeted Sessions
A basic mechanism using Loop-Free Alternates (LFAs) is described in RFC5286 that provides good repair coverage in many topologies, especially those that are highly meshed.
However, some topologies, notably ring-based topologies, are not well protected by LFAs alone. This is because there is no neighbor of the Point of Local Repair (PLR) that has a cost to the destination via a path that does not traverse the failure that is cheaper than the cost to the destination via the failure.
When LDP RLFA creates a virtual path in the network to provide an alternate path, it uses MPLS labels distributed by a targeted session between the local node and the PLR (PQ node), the session is established without any MD5 Password protection mechanism, as it is only available for non-automatic targeted sessions. A set of configurable options will be provided to associate MD5 passwords to the auto-targeted sessions .
Topology
Figure 7-8 shows the configuration required to enable the RLFA feature.
RLFA Topology
Configuration
RTR 1
#configure terminal | Enter configure mode. |
(config)#router ldp | Enable LDP process |
(config-router)#fast-reroute | Enable LDP FRR |
(config-router)#auto-targeted-session | To Allow creating TLDP session dynamically |
(config-router)#neighbor auto-targeted auth md5 password plain-text test2 | Configure md5 authentication for auto-targeted peers |
(config-router)#commit | Commit the candidate configuration to the running configuration |
(config-router)#exit | Exit LDP process |
(config)#router rsvp | Enable RSPVP |
(config-router)#srlg-disjoint forced | Configure srlg to enable mpls-TE |
(config-router)#commit | Commit the candidate configuration to the running configuration |
(config)#interface xe1 | Enter interface mode. |
(config-if)#ip address 10.1.1.1/24 | Configure the IP address of the interface. |
(config-if)#ip ospf cost 10 | Configure the ospf cost |
(config-if)#label-switching | Enable label-switching on interface |
(config-if)#enable-ldp ipv4 | Enable ldp process on xe1 interface |
(config-if)#mpls traffic-eng srlg 11 | Enable Mpls-TE |
(config-if)#commit | Commit the candidate configuration to the running configuration |
(config-if)#exit | Exit interface mode. |
(config)#interface xe2 | Enter interface mode. |
(config-if)#ip address 60.1.1.1/24 | Configure the IP address of the interface. |
(config-if)#ip ospf cost 10 | Configure ospf cost |
(config-if)#label-switching | Enable label-switching on interface |
(config-if)#mpls traffic-eng srlg 11 | Enable mpls-TE |
(config-if)#enable-ldp ipv4 | Enable ldp process on xe2 interface |
(config-if)#commit | Commit the candidate configuration to the running configuration |
(config-if)#exit | Exit interface mode. |
(config)#interface lo | Enter interface mode. |
(config-if)#ip address 1.1.1.1/32 secondary | Configure the IP address of the interface |
(config-if)#exit | Exit interface mode. |
(config)#router ospf 1 | Create an ospf instance |
(config-router)# ospf router-id 1.1.1.1 | Configure router id |
(config-router)# bfd all-interfaces | Configure bfd |
(config-router)# timers spf exp 50 50 | Configure the ospf timers |
(config-router)# timers throttle lsa all 0 1 1 | Configure the ospf timer lsa throttle |
(config-router)# timers lsa arrival 1 | Configure the ospf timer lsa arrival |
(config-router)# fast-reroute per-prefix remote-lfa area 0.0.0.0 tunnel mpls-ldp | . Configure Remote LFA to calculate backup paths to those destinations whichever does not satisfy basic LFA FRR inequalities |
(config-router)# network 1.1.1.1/32 area 0.0.0.0 | Configure the network command to advertise the prefixes |
(config-router)# network 10.1.1.0/24 area 0.0.0.0 | Configure the network command to advertise the prefixes |
(config-router)# network 60.1.1.0/24 area 0.0.0.0 | Configure the network command to advertise the prefixes |
(config-router)#commit | Commit the candidate configuration to the running configuration |
(config-router)#end | Exit router mode. |
(config)# bfd interval 3 minrx 3 multiplier 3 | Configure bfd interval globally |
RTR 2
#configure terminal | Enter configure mode. |
(config)#router ldp | Enable LDP process |
(config-router)#fast-reroute | Enable LDP FRR |
(config-router)#auto-targeted-session | To Allow creating TLDP session dynamically |
(config-router)#neighbor auto-targeted auth md5 password plain-text test2 | Configure md5 authentication for auto-targeted peers |
(config-router)#commit | Commit the candidate configuration to the running configuration |
(config-router)#exit | Exit LDP process |
(config)#router rsvp | Enable RSPVP |
(config-router)#srlg-disjoint forced | Configure srlg to enable mpls-TE |
(config-router)#commit | Commit the candidate configuration to the running configuration |
(config)#interface xe2 | Enter interface mode. |
(config-if)#ip address 10.1.1.2/24 | Configure the IP address of the interface. |
(config-if)#ip ospf cost 10 | Configure the ospf cost |
(config-if)#label-switching | Enable label-switching on interface |
(config-if)#enable-ldp ipv4 | Enable ldp process on xe1 interface |
(config-if)#mpls traffic-eng srlg 11 | Enable Mpls-TE |
(config-if)#commit | Commit the candidate configuration to the running configuration |
(config-if)#exit | Exit interface mode. |
(config)#interface xe1 | Enter interface mode. |
(config-if)#ip address 20.1.1.1/24 | Configure the IP address of the interface. |
(config-if)#ip ospf cost 10 | Configure ospf cost |
(config-if)#label-switching | Enable label-switching on interface |
(config-if)#mpls traffic-eng srlg 11 | Enable mpls-TE |
(config-if)#enable-ldp ipv4 | Enable ldp process on xe2 interface |
(config-if)#commit | Commit the candidate configuration to the running configuration |
(config-if)#exit | Exit interface mode. |
(config)#interface lo | Enter interface mode. |
(config-if)#ip address 2.2.2.2/32 secondary | Configure the IP address of the interface |
(config-if)#exit | Exit interface mode. |
(config)#router ospf 1 | Create an ospf instance |
(config-router)# ospf router-id 2.2.2.2 | Configure router id |
(config-router)# bfd all-interfaces | Configure bfd |
(config-router)# timers spf exp 50 50 | Configure the ospf timers |
(config-router)# timers throttle lsa all 0 1 1 | Configure the ospf timer lsa throttle |
(config-router)# timers lsa arrival 1 | Configure the ospf timer lsa arrival |
(config-router)# network 2.2.2.2/32 area 0.0.0.0 | Configure the network command to advertise the prefixes |
(config-router)# network 10.1.1.0/24 area 0.0.0.0 | Configure the network command to advertise the prefixes |
(config-router)# network 20.1.1.0/24 area 0.0.0.0 | Configure the network command to advertise the prefixes |
(config-router)#commit | Commit the candidate configuration to the running configuration |
(config)# bfd interval 3 minrx 3 multiplier 3 | Configure bfd interval globally |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#end | Exit router mode. |
RTR 3
#configure terminal | Enter configure mode. |
(config)#router ldp | Enable LDP process |
(config-router)#fast-reroute | Enable LDP FRR |
(config-router)#auto-targeted-session | To Allow creating TLDP session dynamically |
(config-router)#neighbor auto-targeted auth md5 password plain-text test2 | Configure md5 authentication for auto-targeted peers |
(config-router)#commit | Commit the candidate configuration to the running configuration |
(config-router)#exit | Exit LDP process |
(config)#router rsvp | Enable RSPVP |
(config-router)#srlg-disjoint forced | Configure srlg to enable mpls-TE |
(config-router)#commit | Commit the candidate configuration to the running configuration |
(config)#interface xe2 | Enter interface mode. |
(config-if)#ip address 20.1.1.2/24 | Configure the IP address of the interface. |
(config-if)#ip ospf cost 10 | Configure the ospf cost |
(config-if)#label-switching | Enable label-switching on interface |
(config-if)#enable-ldp ipv4 | Enable ldp process on xe1 interface |
(config-if)#mpls traffic-eng srlg 11 | Enable Mpls-TE |
(config-if)#commit | Commit the candidate configuration to the running configuration |
(config-if)#exit | Exit interface mode. |
(config)#interface xe1 | Enter interface mode. |
(config-if)#ip address 30.1.1.1/24 | Configure the IP address of the interface. |
(config-if)#ip ospf cost 10 | Configure ospf cost |
(config-if)#label-switching | Enable label-switching on interface |
(config-if)#mpls traffic-eng srlg 11 | Enable mpls-TE |
(config-if)#enable-ldp ipv4 | Enable ldp process on xe2 interface |
(config-if)#commit | Commit the candidate configuration to the running configuration |
(config-if)#exit | Exit interface mode. |
(config)#interface lo | Enter interface mode. |
(config-if)#ip address 3.3.3.3/32 secondary | Configure the IP address of the interface |
(config-if)#exit | Exit interface mode. |
(config)#router ospf 1 | Create an ospf instance |
(config-router)# ospf router-id 3.3.3.3 | Configure router id |
(config-router)# bfd all-interfaces | Configure bfd |
(config-router)# timers spf exp 50 50 | Configure the ospf timers |
(config-router)# timers throttle lsa all 0 1 1 | Configure the ospf timer lsa throttle |
(config-router)# timers lsa arrival 1 | Configure the ospf timer lsa arrival |
(config-router)# network 3.3.3.3/32 area 0.0.0.0 | Configure the network command to advertise the prefixes |
(config-router)# network 20.1.1.0/24 area 0.0.0.0 | Configure the network command to advertise the prefixes |
(config-router)# network 30.1.1.0/24 area 0.0.0.0 | Configure the network command to advertise the prefixes |
(config-router)#commit | Commit the candidate configuration to the running configuration |
(config)# bfd interval 3 minrx 3 multiplier 3 | Configure bfd interval globally |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#end | Exit router mode. |
RTR 4
#configure terminal | Enter configure mode. |
(config)#router ldp | Enable LDP process |
(config-router)#fast-reroute | Enable LDP FRR |
(config-router)#auto-targeted-session | To Allow creating TLDP session dynamically |
(config-router)#neighbor auto-targeted auth md5 password plain-text test2 | Configure md5 authentication for auto-targeted peers |
(config-router)#commit | Commit the candidate configuration to the running configuration |
(config-router)#exit | Exit LDP process |
(config)#router rsvp | Enable RSPVP |
(config-router)#srlg-disjoint forced | Configure srlg to enable mpls-TE |
(config-router)#commit | Commit the candidate configuration to the running configuration |
(config)#interface xe2 | Enter interface mode. |
(config-if)#ip address 30.1.1.2/24 | Configure the IP address of the interface. |
(config-if)#ip ospf cost 10 | Configure the ospf cost |
(config-if)#label-switching | Enable label-switching on interface |
(config-if)#enable-ldp ipv4 | Enable ldp process on xe1 interface |
(config-if)#mpls traffic-eng srlg 11 | Enable Mpls-TE |
(config-if)#commit | Commit the candidate configuration to the running configuration |
(config-if)#exit | Exit interface mode. |
(config)#interface xe1 | Enter interface mode. |
(config-if)#ip address 40.1.1.1/24 | Configure the IP address of the interface. |
(config-if)#ip ospf cost 10 | Configure ospf cost |
(config-if)#label-switching | Enable label-switching on interface |
(config-if)#mpls traffic-eng srlg 11 | Enable mpls-TE |
(config-if)#enable-ldp ipv4 | Enable ldp process on xe2 interface |
(config-if)#commit | Commit the candidate configuration to the running configuration |
(config-if)#exit | Exit interface mode. |
(config)#interface lo | Enter interface mode. |
(config-if)#ip address 4.4.4.4/32 secondary | Configure the IP address of the interface |
(config-if)#exit | Exit interface mode. |
(config)#router ospf 1 | Create an ospf instance |
(config-router)# ospf router-id 4.4.4.4 | Configure router id |
(config-router)# bfd all-interfaces | Configure bfd |
(config-router)# timers spf exp 50 50 | Configure the ospf timers |
(config-router)# timers throttle lsa all 0 1 1 | Configure the ospf timer lsa throttle |
(config-router)# timers lsa arrival 1 | Configure the ospf timer lsa arrival |
(config-router)# network 4.4.4.4/32 area 0.0.0.0 | Configure the network command to advertise the prefixes |
(config-router)# network 40.1.1.0/24 area 0.0.0.0 | Configure the network command to advertise the prefixes |
(config-router)# network 30.1.1.0/24 area 0.0.0.0 | Configure the network command to advertise the prefixes |
(config-router)#commit | Commit the candidate configuration to the running configuration |
(config)# bfd interval 3 minrx 3 multiplier 3 | Configure bfd interval globally |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#end | Exit router mode. |
RTR 5
#configure terminal | Enter configure mode. |
(config)#router ldp | Enable LDP process |
(config-router)#fast-reroute | Enable LDP FRR |
(config-router)#auto-targeted-session | To Allow creating TLDP session dynamically |
(config-router)#neighbor auto-targeted auth md5 password plain-text test2 | Configure md5 authentication for auto-targeted peers |
(config-router)#commit | Commit the candidate configuration to the running configuration |
(config-router)#exit | Exit LDP process |
(config)#router rsvp | Enable RSPVP |
(config-router)#srlg-disjoint forced | Configure srlg to enable mpls-TE |
(config-router)#commit | Commit the candidate configuration to the running configuration |
(config)#interface xe2 | Enter interface mode. |
(config-if)#ip address 40.1.1.2/24 | Configure the IP address of the interface. |
(config-if)#ip ospf cost 10 | Configure the ospf cost |
(config-if)#label-switching | Enable label-switching on interface |
(config-if)#enable-ldp ipv4 | Enable ldp process on xe1 interface |
(config-if)#mpls traffic-eng srlg 11 | Enable Mpls-TE |
(config-if)#commit | Commit the candidate configuration to the running configuration |
(config-if)#exit | Exit interface mode. |
(config)#interface xe1 | Enter interface mode. |
(config-if)#ip address 50.1.1.1/24 | Configure the IP address of the interface. |
(config-if)#ip ospf cost 10 | Configure ospf cost |
(config-if)#label-switching | Enable label-switching on interface |
(config-if)#mpls traffic-eng srlg 11 | Enable mpls-TE |
(config-if)#enable-ldp ipv4 | Enable ldp process on xe2 interface |
(config-if)#commit | Commit the candidate configuration to the running configuration |
(config-if)#exit | Exit interface mode. |
(config)#interface lo | Enter interface mode. |
(config-if)#ip address 5.5.5.5/32 secondary | Configure the IP address of the interface |
(config-if)#exit | Exit interface mode. |
(config)#router ospf 1 | Create an ospf instance |
(config-router)# ospf router-id 5.5.5.5 | Configure router id |
(config-router)# bfd all-interfaces | Configure bfd |
(config-router)# timers spf exp 50 50 | Configure the ospf timers |
(config-router)# timers throttle lsa all 0 1 1 | Configure the ospf timer lsa throttle |
(config-router)# timers lsa arrival 1 | Configure the ospf timer lsa arrival |
(config-router)# network 5.5.5.5/32 area 0.0.0.0 | Configure the network command to advertise the prefixes |
(config-router)# network 50.1.1.0/24 area 0.0.0.0 | Configure the network command to advertise the prefixes |
(config-router)# network 40.1.1.0/24 area 0.0.0.0 | Configure the network command to advertise the prefixes |
(config-router)#commit | Commit the candidate configuration to the running configuration |
(config)# bfd interval 3 minrx 3 multiplier 3 | Configure bfd interval globally |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#end | Exit router mode. |
RTR 6
#configure terminal | Enter configure mode. |
(config)#router ldp | Enable LDP process |
(config-router)#fast-reroute | Enable LDP FRR |
(config-router)#auto-targeted-session | To Allow creating TLDP session dynamically |
(config-router)#neighbor auto-targeted auth md5 password plain-text test2 | Configure md5 authentication for auto-targeted peers |
(config-router)#commit | Commit the candidate configuration to the running configuration |
(config-router)#exit | Exit LDP process |
(config)#router rsvp | Enable RSPVP |
(config-router)#srlg-disjoint forced | Configure srlg to enable mpls-TE |
(config-router)#commit | Commit the candidate configuration to the running configuration |
(config)#interface xe2 | Enter interface mode. |
(config-if)#ip address 50.1.1.2/24 | Configure the IP address of the interface. |
(config-if)#ip ospf cost 10 | Configure the ospf cost |
(config-if)#label-switching | Enable label-switching on interface |
(config-if)#enable-ldp ipv4 | Enable ldp process on xe1 interface |
(config-if)#mpls traffic-eng srlg 11 | Enable Mpls-TE |
(config-if)#commit | Commit the candidate configuration to the running configuration |
(config-if)#exit | Exit interface mode. |
(config)#interface xe1 | Enter interface mode. |
(config-if)#ip address 60.1.1.2/24 | Configure the IP address of the interface. |
(config-if)#ip ospf cost 10 | Configure ospf cost |
(config-if)#label-switching | Enable label-switching on interface |
(config-if)#mpls traffic-eng srlg 11 | Enable mpls-TE |
(config-if)#enable-ldp ipv4 | Enable ldp process on xe2 interface |
(config-if)#commit | Commit the candidate configuration to the running configuration |
(config-if)#exit | Exit interface mode. |
(config)#interface lo | Enter interface mode. |
(config-if)#ip address 6.6.6.6/32 secondary | Configure the IP address of the interface |
(config-if)#exit | Exit interface mode. |
(config)#router ospf 1 | Create an ospf instance |
(config-router)# ospf router-id 6.6.6.6 | Configure router id |
(config-router)# bfd all-interfaces | Configure bfd |
(config-router)# timers spf exp 50 50 | Configure the ospf timers |
(config-router)# timers throttle lsa all 0 1 1 | Configure the ospf timer lsa throttle |
(config-router)# timers lsa arrival 1 | Configure the ospf timer lsa arrival |
(config-router)# network 6.6.6.6/32 area 0.0.0.0 | Configure the network command to advertise the prefixes |
(config-router)# network 50.1.1.0/24 area 0.0.0.0 | Configure the network command to advertise the prefixes |
(config-router)# network 60.1.1.0/24 area 0.0.0.0 | Configure the network command to advertise the prefixes |
(config-router)#commit | Commit the candidate configuration to the running configuration |
(config)# bfd interval 3 minrx 3 multiplier 3 | Configure bfd interval globally |
(config)#commit | Commit the candidate configuration to the running configuration |
(config)#end | Exit router mode. |
Validation
RTR 1
Check LDP neighborship before enabling RLFA
Rtr1#sh ldp session
Peer IP Address IF Name My Role State KeepAlive UpTime
2.2.2.2 xe20 Passive OPERATIONAL 30 00:02:43
6.6.6.6 ge10 Passive OPERATIONAL 30 00:00:30
Check the output of "show ip ospf neighbors" to verify that ospf adjacency is up.
Rtr1#sh ip ospf neighbor
Total number of full neighbors: 2
OSPF process 1 VRF(default):
Neighbor ID Pri State Dead Time Address Interface
Instance ID
2.2.2.2 1 Full/Backup 00:00:39 10.1.1.2 xe20
0
6.6.6.6 1 Full/DR 00:00:35 60.1.1.2 ge10
0
Rtr1#
Check the ospf route installation in the ospf table and RIB table.
Rtr1#sh ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
IP Route Table for VRF "default"
C 1.1.1.1/32 is directly connected, lo, 00:37:05
O 2.2.2.2/32 [110/11] via 10.1.1.2, xe20, 00:04:49
O 3.3.3.3/32 [110/21] via 10.1.1.2, xe20, 00:04:49
O 4.4.4.4/32 [110/31] via 60.1.1.2, ge10, 00:04:49
[110/31] via 10.1.1.2, xe20
O 5.5.5.5/32 [110/21] via 60.1.1.2, ge10, 00:02:29
O 6.6.6.6/32 [110/11] via 60.1.1.2, ge10, 00:02:29
C 10.1.1.0/24 is directly connected, xe20, 00:33:59
O 20.1.1.0/24 [110/20] via 10.1.1.2, xe20, 00:04:49
O 30.1.1.0/24 [110/30] via 10.1.1.2, xe20, 00:04:49
O 40.1.1.0/24 [110/30] via 60.1.1.2, ge10, 00:02:29
O 50.1.1.0/24 [110/20] via 60.1.1.2, ge10, 00:02:29
C 60.1.1.0/24 is directly connected, ge10, 00:02:36
C 127.0.0.0/8 is directly connected, lo, 00:45:19
Gateway of last resort is not set
Rtr1#
Rtr1#sh ip ospf route
OSPF process 1:
Codes: C - connected, D - Discard, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
OSPF LFA attributes:
P - Primary, SP - Secondary-Path, LP - Link Protecting,
NP - Node Protecting, BID - Broadcast Link Protecting
DP - Downstream Protecting
C 1.1.1.1/32 [1] is directly connected, lo, Area 0.0.0.0
O 2.2.2.2/32 [11] via 10.1.1.2, xe20, Area 0.0.0.0
O 3.3.3.3/32 [21] via 10.1.1.2, xe20, Area 0.0.0.0
O 4.4.4.4/32 [31] via 10.1.1.2, xe20, Area 0.0.0.0
via 60.1.1.2, ge10, Area 0.0.0.0
O 5.5.5.5/32 [21] via 60.1.1.2, ge10, Area 0.0.0.0
O 6.6.6.6/32 [11] via 60.1.1.2, ge10, Area 0.0.0.0
C 10.1.1.0/24 [10] is directly connected, xe20, Area 0.0.0.0
O 20.1.1.0/24 [20] via 10.1.1.2, xe20, Area 0.0.0.0
O 30.1.1.0/24 [30] via 10.1.1.2, xe20, Area 0.0.0.0
O 40.1.1.0/24 [30] via 60.1.1.2, ge10, Area 0.0.0.0
O 50.1.1.0/24 [20] via 60.1.1.2, ge10, Area 0.0.0.0
C 60.1.1.0/24 [10] is directly connected, ge10, Area 0.0.0.0
Rtr1#
Verify ospf LFA and RLFA backup computed paths for Primary Paths
Rtr1#sh ip ospf route fast-reroute
OSPF process 1:
Codes: C - connected, D - Discard, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
OSPF LFA attributes:
P - Primary, SP - Secondary-Path, LP - Link Protecting,
NP - Node Protecting, BID - Broadcast Link Protecting
DP - Downstream Protecting
O 2.2.2.2/32 [11] via 10.1.1.2, xe20, Area 0.0.0.0
Remote FRR path:
via 4.4.4.4, via 60.1.1.2, ge10, Area 0.0.0.0
Attributes: Metric: [51] ,LP
O 3.3.3.3/32 [21] via 10.1.1.2, xe20, Area 0.0.0.0
Remote FRR path:
via 4.4.4.4, via 60.1.1.2, ge10, Area 0.0.0.0
Attributes: Metric: [41] ,LP ,NP ,DP
O 4.4.4.4/32 [31] via 10.1.1.2, xe20, Area 0.0.0.0
Backup path:
via 60.1.1.2, ge10, Area 0.0.0.0
Attributes: Metric: [31] ,P ,NP ,BID ,DP
via 60.1.1.2, ge10, Area 0.0.0.0
Backup path:
via 10.1.1.2, xe20, Area 0.0.0.0
Attributes: Metric: [31] ,P ,NP ,BID ,DP
O 5.5.5.5/32 [21] via 60.1.1.2, ge10, Area 0.0.0.0
Remote FRR path:
via 4.4.4.4, via 10.1.1.2, xe20, Area 0.0.0.0
Attributes: Metric: [41] ,LP ,NP ,DP
O 6.6.6.6/32 [11] via 60.1.1.2, ge10, Area 0.0.0.0
Remote FRR path:
via 4.4.4.4, via 10.1.1.2, xe20, Area 0.0.0.0
Attributes: Metric: [51] ,LP
O 20.1.1.0/24 [20] via 10.1.1.2, xe20, Area 0.0.0.0
Remote FRR path:
via 4.4.4.4, via 60.1.1.2, ge10, Area 0.0.0.0
Attributes: Metric: [50] ,LP ,NP
O 30.1.1.0/24 [30] via 10.1.1.2, xe20, Area 0.0.0.0
Backup path:
via 60.1.1.2, ge10, Area 0.0.0.0
Attributes: Metric: [40] ,SP ,NP ,BID
O 40.1.1.0/24 [30] via 60.1.1.2, ge10, Area 0.0.0.0
Backup path:
via 10.1.1.2, xe20, Area 0.0.0.0
Attributes: Metric: [40] ,SP ,NP ,BID
O 50.1.1.0/24 [20] via 60.1.1.2, ge10, Area 0.0.0.0
Remote FRR path:
via 4.4.4.4, via 10.1.1.2, xe20, Area 0.0.0.0
Attributes: Metric: [50] ,LP ,NP
Rtr1#
Verify PQ node which is near to source is selected and Target-LDP session is established with PQ node using below commands
Rtr1#sh ldp session
Peer IP Address IF Name My Role State KeepAlive UpTime
2.2.2.2 xe20 Passive OPERATIONAL 30 00:07:29
6.6.6.6 ge10 Passive OPERATIONAL 30 00:05:16
4.4.4.4 xe20 Passive OPERATIONAL 30 00:05:04
To verify which password is enabled
Rtr1#sh ldp session 4.4.4.4
Session state : OPERATIONAL
Session role : Passive
TCP Connection : Established
IP Address for TCP : 4.4.4.4
Interface being used : xe23
Peer LDP ID : 4.4.4.4:0
Peer LDP Password : test2
Authentication type : MD5
Adjacencies : 4.4.4.4
Advertisement mode : Downstream Unsolicited
Label retention mode : Liberal
Graceful Restart : Not Capable
Keepalive Timeout : 30
Reconnect Interval : 15
Address List received : 4.4.4.4
40.1.1.2
70.1.1.2
Received Labels : Fec Label Maps To
IPV4:70.1.1.0/24 impl-null none
IPV4:60.1.1.0/24 35218 none
IPV4:50.1.1.0/24 35216 none
IPV4:40.1.1.0/24 impl-null none
IPV4:20.1.1.0/24 35214 none
IPV4:10.1.1.0/24 35212 none
IPV4:6.6.6.6/32 35209 none
IPV4:5.5.5.5/32 35207 none
IPV4:4.4.4.4/32 impl-null none
IPV4:3.3.3.3/32 35205 none
IPV4:2.2.2.2/32 35203 none
IPV4:1.1.1.1/32 35202 none
Sent Labels : Fec Label Maps To
IPV4:70.1.1.0/24 35218 34563
IPV4:70.1.1.0/24 35218 34567
IPV4:60.1.1.0/24 35217 34564
IPV4:60.1.1.0/24 35217 34562
IPV4:50.1.1.0/24 impl-null none
IPV4:40.1.1.0/24 35216 impl-null
IPV4:20.1.1.0/24 35215 impl-null
IPV4:10.1.1.0/24 impl-null none
IPV4:6.6.6.6/32 35214 34565
IPV4:6.6.6.6/32 35214 34561
IPV4:5.5.5.5/32 35213 impl-null
IPV4:4.4.4.4/32 35212 34560
IPV4:3.3.3.3/32 35211 34561
IPV4:2.2.2.2/32 35210 impl-null
IPV4:1.1.1.1/32 impl-null none
Verify that Primary and Backup FTN's are installed with labels in LDP RLFA route table
Rtr1#sh ldp rlfa-routes
Codes: p - stale rLFA route
Fec Primary-NH Backup-NH rLFA-Addr Out-Intf Outer-label Inner-label Owner
2.2.2.2 10.1.1.2 60.1.1.2 4.4.4.4 ge10 24964 24969 ospf
3.3.3.3 10.1.1.2 60.1.1.2 4.4.4.4 ge10 24964 24970 ospf
5.5.5.5 60.1.1.2 10.1.1.2 4.4.4.4 xe20 24963 24971 ospf
6.6.6.6 60.1.1.2 10.1.1.2 4.4.4.4 xe20 24963 24972 ospf
20.1.1.0 10.1.1.2 60.1.1.2 4.4.4.4 ge10 24964 24974 ospf
50.1.1.0 60.1.1.2 10.1.1.2 4.4.4.4 xe20 24963 24975 ospf
Verify that backup XC's calculated for primary FTN's in MPLS forwarding table. Verify the same in FTN table.
Rtr1#sh mpls forwarding-table
Codes: > - installed FTN, * - selected FTN, p - stale FTN,
B - BGP FTN, K - CLI FTN, t - tunnel, P - SR Policy FTN,
L - LDP FTN, R - RSVP-TE FTN, S - SNMP FTN, I - IGP-Shortcut,
U - unknown FTN, O - SR-OSPF FTN, i - SR-ISIS FTN, k - SR-CLI FTN
(m) - FTN mapped over multipath transport
Code FEC FTN-ID Nhlfe-ID Tunnel-id Pri LSP-Type Out-Label Out-Intf ELC Nexthop
L> 2.2.2.2/32 1 2 - Yes LSP_DEFAULT 3 xe20 No 10.1.1.2
23 - No LSP_DEFAULT 24969 ge10 No 4.4.4.4
(via 60.1.1.2 ,label 24964)
L> 3.3.3.3/32 2 4 - Yes LSP_DEFAULT 24962 xe20 No 10.1.1.2
24 - No LSP_DEFAULT 24970 ge10 No 4.4.4.4
(via 60.1.1.2 ,label 24964)
L> 4.4.4.4/32 3 6 - Yes LSP_DEFAULT 24963 xe20 No 10.1.1.2
7 - No LSP_DEFAULT 24964 ge10 No 60.1.1.2
7 - Yes LSP_DEFAULT 24964 ge10 No 60.1.1.2
5 - No LSP_DEFAULT 24963 xe20 No 10.1.1.2
L> 5.5.5.5/32 4 10 - Yes LSP_DEFAULT 24965 ge10 No 60.1.1.2
25 - No LSP_DEFAULT 24971 xe20 No 4.4.4.4
(via 10.1.1.2 ,label 24963)
L> 6.6.6.6/32 5 15 - Yes LSP_DEFAULT 3 ge10 No 60.1.1.2
26 - No LSP_DEFAULT 24972 xe20 No 4.4.4.4
(via 10.1.1.2 ,label 24963)
L> 20.1.1.0/24 6 11 - Yes LSP_DEFAULT 3 xe20 No 10.1.1.2
27 - No LSP_DEFAULT 24974 ge10 No 4.4.4.4
(via 60.1.1.2 ,label 24964)
L> 30.1.1.0/24 7 13 - Yes LSP_DEFAULT 24966 xe20 No 10.1.1.2
16 - No LSP_DEFAULT 24966 ge10 No 60.1.1.2
L> 40.1.1.0/24 8 19 - Yes LSP_DEFAULT 24967 ge10 No 60.1.1.2
20 - No LSP_DEFAULT 24967 xe20 No 10.1.1.2
L> 50.1.1.0/24 9 22 - Yes LSP_DEFAULT 3 ge10 No 60.1.1.2
28 - No LSP_DEFAULT 24975 xe20 No 4.4.4.4
(via 10.1.1.2 ,label 24963)
Rtr1#sh mpls ftn-table
Primary FTN entry with FEC: 2.2.2.2/32, id: 1, row status: Active, Tunnel-Policy: N/A
Owner: LDP, distance: 0, Action-type: Redirect to LSP, Exp-bits: 0x0, Incoming DSCP: none
Tunnel id: 0, Protected LSP id: 0, Description: N/A, Color: 0
Cross connect ix: 1, in intf: - in label: 0 out-segment ix: 1
Owner: N/A, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 1, owner: N/A, Stale: NO, out intf: xe20, out label: 3
Nexthop addr: 10.1.1.2 cross connect ix: 1, op code: Push
Backup Cross connect ix: 9, in intf: - in label: 0 out-segment ix: 23
Owner: LDP, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 23, owner: LDP, Stale: NO, out intf: ge10, out label: 24969
Nexthop addr: 4.4.4.4 cross connect ix: 9, op code: Push
Primary FTN entry with FEC: 3.3.3.3/32, id: 2, row status: Active, Tunnel-Policy: N/A
Owner: LDP, distance: 0, Action-type: Redirect to LSP, Exp-bits: 0x0, Incoming DSCP: none
Tunnel id: 0, Protected LSP id: 0, Description: N/A, Color: 0
Cross connect ix: 2, in intf: - in label: 0 out-segment ix: 3
Owner: LDP, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 3, owner: LDP, Stale: NO, out intf: xe20, out label: 24962
Nexthop addr: 10.1.1.2 cross connect ix: 2, op code: Push
Backup Cross connect ix: 11, in intf: - in label: 0 out-segment ix: 24
Owner: LDP, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 24, owner: LDP, Stale: NO, out intf: ge10, out label: 24970
Nexthop addr: 4.4.4.4 cross connect ix: 11, op code: Push
Primary FTN entry with FEC: 4.4.4.4/32, id: 3, row status: Active, Tunnel-Policy: N/A
Owner: LDP, distance: 0, Action-type: Redirect to LSP, Exp-bits: 0x0, Incoming DSCP: none
Tunnel id: 0, Protected LSP id: 0, Description: N/A, Color: 0
Cross connect ix: 3, in intf: - in label: 0 out-segment ix: 5
Owner: LDP, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 5, owner: LDP, Stale: NO, out intf: xe20, out label: 24963
Nexthop addr: 10.1.1.2 cross connect ix: 3, op code: Push
Backup Cross connect ix: 2, in intf: - in label: 0 out-segment ix: 7
Owner: LDP, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 7, owner: LDP, Stale: NO, out intf: ge10, out label: 24964
Nexthop addr: 60.1.1.2 cross connect ix: 3, op code: Push
Cross connect ix: 3, in intf: - in label: 0 out-segment ix: 7
Owner: LDP, Persistent: No, Admin Status: Down, Oper Status: Not present
Out-segment with ix: 7, owner: LDP, Stale: NO, out intf: ge10, out label: 24964
Nexthop addr: 60.1.1.2 cross connect ix: 3, op code: Push
Backup Cross connect ix: 1, in intf: - in label: 0 out-segment ix: 5
Owner: LDP, Persistent: No, Admin Status: Down, Oper Status: Not present
Out-segment with ix: 5, owner: LDP, Stale: NO, out intf: xe20, out label: 24963
Nexthop addr: 10.1.1.2 cross connect ix: 3, op code: Push
Primary FTN entry with FEC: 5.5.5.5/32, id: 4, row status: Active, Tunnel-Policy: N/A
Owner: LDP, distance: 0, Action-type: Redirect to LSP, Exp-bits: 0x0, Incoming DSCP: none
Tunnel id: 0, Protected LSP id: 0, Description: N/A, Color: 0
Cross connect ix: 5, in intf: - in label: 0 out-segment ix: 9
Owner: LDP, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 9, owner: LDP, Stale: NO, out intf: ge10, out label: 24965
Nexthop addr: 60.1.1.2 cross connect ix: 5, op code: Push
Backup Cross connect ix: 13, in intf: - in label: 0 out-segment ix: 25
Owner: LDP, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 25, owner: LDP, Stale: NO, out intf: xe20, out label: 24971
Nexthop addr: 4.4.4.4 cross connect ix: 13, op code: Push
Primary FTN entry with FEC: 6.6.6.6/32, id: 5, row status: Active, Tunnel-Policy: N/A
Owner: LDP, distance: 0, Action-type: Redirect to LSP, Exp-bits: 0x0, Incoming DSCP: none
Tunnel id: 0, Protected LSP id: 0, Description: N/A, Color: 0
Cross connect ix: 7, in intf: - in label: 0 out-segment ix: 14
Owner: N/A, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 14, owner: N/A, Stale: NO, out intf: ge10, out label: 3
Nexthop addr: 60.1.1.2 cross connect ix: 7, op code: Push
Backup Cross connect ix: 15, in intf: - in label: 0 out-segment ix: 26
Owner: LDP, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 26, owner: LDP, Stale: NO, out intf: xe20, out label: 24972
Nexthop addr: 4.4.4.4 cross connect ix: 15, op code: Push
Primary FTN entry with FEC: 20.1.1.0/24, id: 6, row status: Active, Tunnel-Policy: N/A
Owner: LDP, distance: 0, Action-type: Redirect to LSP, Exp-bits: 0x0, Incoming DSCP: none
Tunnel id: 0, Protected LSP id: 0, Description: N/A, Color: 0
Cross connect ix: 1, in intf: - in label: 0 out-segment ix: 1
Owner: N/A, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 1, owner: N/A, Stale: NO, out intf: xe20, out label: 3
Nexthop addr: 10.1.1.2 cross connect ix: 1, op code: Push
Backup Cross connect ix: 17, in intf: - in label: 0 out-segment ix: 27
Owner: LDP, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 27, owner: LDP, Stale: NO, out intf: ge10, out label: 24974
Nexthop addr: 4.4.4.4 cross connect ix: 17, op code: Push
Primary FTN entry with FEC: 30.1.1.0/24, id: 7, row status: Active, Tunnel-Policy: N/A
Owner: LDP, distance: 0, Action-type: Redirect to LSP, Exp-bits: 0x0, Incoming DSCP: none
Tunnel id: 0, Protected LSP id: 0, Description: N/A, Color: 0
Cross connect ix: 6, in intf: - in label: 0 out-segment ix: 12
Owner: LDP, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 12, owner: LDP, Stale: NO, out intf: xe20, out label: 24966
Nexthop addr: 10.1.1.2 cross connect ix: 6, op code: Push
Backup Cross connect ix: 3, in intf: - in label: 0 out-segment ix: 16
Owner: LDP, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 16, owner: LDP, Stale: NO, out intf: ge10, out label: 24966
Nexthop addr: 60.1.1.2 cross connect ix: 3, op code: Push
Primary FTN entry with FEC: 40.1.1.0/24, id: 8, row status: Active, Tunnel-Policy: N/A
Owner: LDP, distance: 0, Action-type: Redirect to LSP, Exp-bits: 0x0, Incoming DSCP: none
Tunnel id: 0, Protected LSP id: 0, Description: N/A, Color: 0
Cross connect ix: 8, in intf: - in label: 0 out-segment ix: 18
Owner: LDP, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 18, owner: LDP, Stale: NO, out intf: ge10, out label: 24967
Nexthop addr: 60.1.1.2 cross connect ix: 8, op code: Push
Backup Cross connect ix: 4, in intf: - in label: 0 out-segment ix: 20
Owner: LDP, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 20, owner: LDP, Stale: NO, out intf: xe20, out label: 24967
Nexthop addr: 10.1.1.2 cross connect ix: 4, op code: Push
Primary FTN entry with FEC: 50.1.1.0/24, id: 9, row status: Active, Tunnel-Policy: N/A
Owner: LDP, distance: 0, Action-type: Redirect to LSP, Exp-bits: 0x0, Incoming DSCP: none
Tunnel id: 0, Protected LSP id: 0, Description: N/A, Color: 0
Cross connect ix: 7, in intf: - in label: 0 out-segment ix: 14
Owner: N/A, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 14, owner: N/A, Stale: NO, out intf: ge10, out label: 3
Nexthop addr: 60.1.1.2 cross connect ix: 7, op code: Push
Backup Cross connect ix: 19, in intf: - in label: 0 out-segment ix: 28
Owner: LDP, Persistent: No, Admin Status: Up, Oper Status: Up
Out-segment with ix: 28, owner: LDP, Stale: NO, out intf: xe20, out label: 24975
Nexthop addr: 4.4.4.4 cross connect ix: 19, op code: Push
Rtr1#
Note: The following CLI will be used to configure different types of MD5 authentication.
• To configure dedicated MD5 password to a neighbor (under router ldp):
neighbor A.B.C.D auth md5 password (plain-text|encrypt) WORD
The same should be configured on neighbour A.B.C.D.
• To set password for all LDP neighbors (under router ldp):
neighbor all auth md5 password (plain-text|encrypt) WORD
• To exclude password for a neighbor (under router ldp)
neighbor A.B.C.D auth md5 password exclude
• To set password for auto-targeted sessions (under router ldp):
neighbor auto-targeted auth md5 password (plain-text|encrypt) WORD
• To create session group (under router ldp)
session-group name WORD
• To set password for the session group (under session group)
auth md5 password (plain-text|encrypt) WORD
• To add neighbors in the group (under session group)
neighbor prefix-list <prefix-list-name>