linux and networking articles

MPLS LDP label filtering

This post will outline MPLS LDP label filtering on IOS and IOS-XE. It contains LDP label filtering configuration and belonging output.


Recently we migrated two POPs to a MPLS based network  coming from VRF Lite. With other non-MPLS POPs left to migrate, we still have quite some prefixes in our IGP.

As LDP assigns labels for IGP based routes we ended up with quite some labels that were generated- and advertised without any purpose. This may impact convergence of a network so we setup LDP label filtering to only generate labels for PE’s that have L3VPN or AToM xconnects. Label filtering can be used to minimize the number of prefixes in the LIB and control which labeled prefixes are advertised using LDP.


There are two ways to control LDP label filtering:

  • LDP inbound label filtering (per LDP neighbor configuration)
  • LDP advertised label filtering

The configurations that follow are based on LDP advertised label filtering. Reason for this is that inbound label filtering is error-prone (lots of config) and if you solve the problem at the source (advertising labels), it won’t effect others. :)

This post assumes the following basic MPLS LDP configuration:

The configuration of advertised label filtering starts with a standard access-list for prefixes you would like to generate labels for. For MPLS L3VPN you basicly only wants labels of the PE loopbacks.

Next you need to configure LDP to use this standard access-list:

The result of this config can be obtained with the following commands:

When checking the results on another PE (PE2), it appears that the labels in the LIB are still advertised even though the prefixes do not match the standard ACL of PE1. So the implicit deny of a standard ACL does not work.

There is one missing command on PE1 to fix this:

Total configuration of one PE for LDP label filtering:

I hope this helps someone out there. If you have any questions, please comment!

Python script for PPPoE and PPPoA users

I wrote this python script to check for the amount of PPPoE and PPPoA users on a Cisco IOS-XE box. It’s also used by a provisioning system to check whether a PPPoX session came up or not. (Note: still learning Python)

The output will look like this for PPPoA users:

The output will look like this for PPPoE users:

Here is the script, latest version is always on github


Python script for PIM SSM mappings

A small functional python script to generate a lot of static SSM mappings for IOS-XR. The entries of mcast-groups.txt is an excel file (not comma separated).


Brocade VDX – Interconnecting Fabrics – line protocol down (ISL down)

While interconnecting two Brocade VDX VCS fabrics using normal ethernet trunks i stumbled on the following interface status during a migration:

The interface configuration was configured as follows on both ends:

Note that ISL is disabled and fabric trunking is disabled as well. No problem to connect two separate fabrics this way you would think….. :)

After some attempts getting this interface up and running, it appears there is a neighbor discovery protocol on the VDX that still checks for the VCS ID configured on the fabrics ( you cant turn it off).  When both fabrics that you would like to interconnect are using the same VCS ID you will not be able to get a normal trunk up even if you disable ISL on these links. Solution is to renumber one of the fabrics to another VCS id. Sad thing is that renumbering a VCS id means you will loose the current configuration of the fabric member.

I hope this post helps, as it took me some time to figure this stupid thing out.


« Older posts

© 2016 ipnetworking.net

Theme by Anders NorenUp ↑