Topology:
Use configuration from MPLS task #2 as initial configuration for this task.
Requirements:
1. All routers shall retain the LDP bindings received from the neighbor peer, in the event of interface failure between the routers.
2. Routers R1, R2, R6 and R3 shall include Fault Tolerant TLV in LDP initiation message.
3. Authenticate the LDP sessions between the routers.
3.1 Use password "WEAK" for sessions R1-R2, R1-R6, R4-R3, R4-R5.
3.2 Use password "STRONG" for all other sessions.
3.3 Use the minimal possible number of commands to configure the authentication.
Solution:
Highlight the text below to reveal the solution.
This task requires understanding of MPLS LDP authentication configuration options, MPLS LDP graceful-restart and MPLS LDP session-protection.
Requirement #1 - configure MPLS LDP session protection on all routers.
Requirement #2 - configure routers R1, R2, R6 and R3 for MPLS LDP graceful-restart. Graceful restart is negotiated by including FT TLV in initiation message.
Requirement #3 - configure authentication for LDP neighbors. In order to minimize the number of commands required, use fallback password feature, so not to configure password for every neighbor pair.
!
mpls ldp password fallback WEAK
mpls ldp graceful-restart
mpls ldp session protection
!
This task requires understanding of MPLS LDP authentication configuration options, MPLS LDP graceful-restart and MPLS LDP session-protection.
Requirement #1 - configure MPLS LDP session protection on all routers.
Requirement #2 - configure routers R1, R2, R6 and R3 for MPLS LDP graceful-restart. Graceful restart is negotiated by including FT TLV in initiation message.
Requirement #3 - configure authentication for LDP neighbors. In order to minimize the number of commands required, use fallback password feature, so not to configure password for every neighbor pair.
R1:
!
mpls ldp password fallback WEAK
mpls ldp graceful-restart
mpls ldp session protection
!
R2:
!
mpls ldp password fallback STRONG
mpls ldp neighbor 16.0.1.1 password WEAK
mpls ldp explicit-null
mpls ldp graceful-restart
mpls ldp session protection
!
R3:
!
mpls ldp
graceful-restart
router-id 16.0.3.3
neighbor
password encrypted 13362320242223
16.0.4.4:0 password encrypted 15252E2D2F
!
session protection
address-family ipv4
label
local
advertise
explicit-null
!
!
!
!
interface GigabitEthernet0/0/0/0
address-family ipv4
!
!
interface GigabitEthernet0/0/0/1
!
interface GigabitEthernet0/0/0/2
!
!
R4:
!
mpls ldp
router-id 16.0.4.4
neighbor
password encrypted 113E3C243C
!
session protection
address-family ipv4
!
!
R5:
!
mpls ldp password fallback STRONG
mpls ldp neighbor 16.0.4.4 password WEAK
mpls ldp session protection
!
R6:
!
mpls ldp password fallback STRONG
mpls ldp neighbor 16.0.1.1 password WEAK
mpls ldp graceful-restart
mpls ldp session protection
!
R7:
!
mpls ldp password fallback STRONG
mpls ldp session protection
!
Verification:
R1#show mpls ldp neighbor 16.0.2.2 detail
Peer LDP Ident: 16.0.2.2:0; Local LDP Ident 16.0.1.1:0
TCP connection: 16.0.2.2.22140 - 16.0.1.1.646; MD5 on
Password: not required, fallback, in use
State: Oper; Msgs sent/rcvd: 54/54; Downstream; Last TIB rev sent 69
Up time: 00:29:14; UID: 13; Peer Id 0;
LDP discovery sources:
Ethernet0/0; Src IP addr: 16.0.12.2
holdtime: 15000 ms, hello interval: 5000 ms
Targeted Hello 16.0.1.1 -> 16.0.2.2, active, passive;
holdtime: infinite, hello interval: 10000 ms
Addresses bound to peer LDP Ident:
16.0.12.2 16.0.26.2 16.0.25.2 16.0.23.2
16.0.2.2
Peer holdtime: 180000 ms; KA interval: 60000 ms; Peer state: estab
Clients: Dir Adj Client
LDP Session Protection enabled, state: Ready
duration: 86400 seconds
Capabilities Sent:
[Dynamic Announcement (0x0506)]
[Typed Wildcard (0x050B)]
Capabilities Received:
[Dynamic Announcement (0x0506)]
[Typed Wildcard (0x050B)]
RP/0/0/CPU0:R3#show mpls ldp neighbor 16.0.2.2:0 detail
Mon Jan 4 15:17:56.091 UTC
Peer LDP Identifier: 16.0.2.2:0
TCP connection: 16.0.2.2:646 - 16.0.3.3:26985; MD5 on
Graceful Restart: Yes (Reconnect Timeout: 120 sec, Recovery: 0 sec)
Session Holdtime: 180 sec
State: Oper; Msgs sent/rcvd: 52/52; Downstream-Unsolicited
Up time: 00:27:33
LDP Discovery Sources:
GigabitEthernet0/0/0/0
Targeted Hello (16.0.3.3 -> 16.0.2.2, active)
Addresses bound to this peer:
16.0.2.2 16.0.12.2 16.0.23.2 16.0.25.2
16.0.26.2
Peer holdtime: 180 sec; KA interval: 60 sec; Peer state: Estab
NSR: Disabled
Clients: Session Protection
Session Protection:
Enabled, state: Ready
Duration: 86400 sec
Capabilities:
Sent:
0x508 (MP: Point-to-Multipoint (P2MP))
0x509 (MP: Multipoint-to-Multipoint (MP2MP))
0x50b (Typed Wildcard FEC)
Received:
0x50b (Typed Wildcard FEC)