MLDP Filtering


Last Updated: August 08, 2011

The MLDP Filtering feature adds filtering capabilities to the Cisco Multicast Label Distribution Protocol (MLDP) label-based Multicast Virtual Private Network (MVPN) solution.

Finding Feature Information


Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Prerequisites for MLDP Filtering

  • MDT must be configured.

  • MLDP-based MVPN must be configured.

Information about MLDP Filtering


MLDP Filtering

MLDP Filtering prevents multicast traffic that is distributed to different sites via MVPNs from traveling on sections of the network by providing the following capabilities:
  • Prevent MLDP traffic from traversing interconnections
  • Map flows to MLDP data Multicast Distribution Tree (MDT) numbers
  • Filter label mappings based on a particular range of MLDP tree numbers per VRF

The filtering feature uses FEC (Forwarding Equivalence Class) definitions to filter specified FECs on a per-peer basis. The list of peers for which a FEC is to be filtered is defined in an access control list (ACL). FEC-based filtering per peer is supported only for outbound filtering. If an MLDP stream is denied by the filter, then the router will not advertise label mappings to the filtered peer.

MLDP Filtering also enables you to filter label mappings based on a particular range of MLDP tree numbers per VRF. If a source and group (S,G) MVPN entry matches more than one data MDT configuration, all data MDT configurations are examined and the first configuration that contains an ACL that matches the (S,G) is picked. If none of the ACLs match the (S,G), then the tree number with the lowest ref_count among all the remaining no-ACL data MDT configurations is selected. If an (S,G) flow in the VRF is on a data MDT without an ACL and a new data MDT configuration with a matching ACL is configured, the (S,G) flow will not switch to the newly configured scope. The (S,G) flows that are already on the data MDT will switch only if the VRF mroutes are cleared.

Traffic can flow on the default MDT or it can be switched immediately to the data MDT after the (S,G) state is created on the ingress Provider Edge (PE) router. Immediate switch works for source-specific multicast (SSM) groups in the VRF only if the MDT data threshold is 0. As long as the (S,G) SSM state exists on the ingress PE router, traffic will stay on the data MDT.

MLDP Disable on an Interface

Multicast Label Distribution Protocol (MLDP) is automatically enabled on all interfaces on which Multiprotocol Label Switching (MPLS) dynamic label switching is enabled. Disabling MLDP on an interface prevents that interface from being used in path selection even if it is advertised as a path by route watch. If the only path returned by route watch is one on which MLDP is disabled, then the route to that peer or root is considered unreachable. If a router receives a label mapping on a particular interface on which MLDP is disabled, the router installs the label mapping and builds a tree upstream.

If there are two links to a given peer and one of them is MLDP-disabled, it is possible that the MPLS Forwarding Infrastructure (MFI) will use the disabled link for forwarding if recursive forwarding is configured. To ensure that the MLDP-disabled interface is not used by MFI, you must disable recursive forwarding.

How to Configure MLDP Filtering


Disabling MLDP on an Interface

MLDP is enabled by default on all MPLS-enabled interfaces. Perform this task to disable MLDP on the specified interface. We recommend that you disable MLDP on both sides of a link.

SUMMARY STEPS

1.    enable

2.   configure terminal

3.   interface type number

4.   no mpls mldp

5.   end


DETAILED STEPS

Step 1
  Command or Action: enable
  Example: Router> enable
  Purpose: Enables privileged EXEC mode.
    • Enter your password if prompted.

Step 2
  Command or Action: configure terminal
  Example: Router# configure terminal
  Purpose: Enters global configuration mode.

Step 3
  Command or Action: interface type number
  Example: Router(config)# interface gigabitethernet 1/1
  Purpose: Enters interface configuration mode for configuring an interface.

Step 4
  Command or Action: no mpls mldp
  Example: Router(config-if)# no mpls mldp
  Purpose: Disables MLDP on the interface being configured.

Step 5
  Command or Action: end
  Example: Router(config-if)# end
  Purpose: Returns to privileged EXEC mode.

Filtering MLDP Traffic

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    mpls mldp fec fec_id opaque-type mdt vpn-id {vpn_id | any} scope {scope_id | any}

4.    mpls mldp filter fec_id peer-list acl

5.    exit


DETAILED STEPS

Step 1
  Command or Action: enable
  Example: Router> enable
  Purpose: Enables privileged EXEC mode.
    • Enter your password if prompted.

Step 2
  Command or Action: configure terminal
  Example: Router# configure terminal
  Purpose: Enters global configuration mode.

Step 3
  Command or Action: mpls mldp fec fec_id opaque-type mdt vpn-id {vpn_id | any} scope {scope_id | any}
  Example: Router(config)# mpls mldp fec 1 opaque-type mdt vpn-id any scope any
  Purpose: Defines an MLDP FEC. Repeat this step for each FEC to be defined.

Step 4
  Command or Action: mpls mldp filter fec_id peer-list acl
  Example: Router(config)# mpls mldp filter 1 peer-list 50
  Purpose: Filters out all MLDP trees that match the specified FEC definition to the peers in the specified peer-list standard ACL.

Step 5
  Command or Action: exit
  Example: Router(config)# exit
  Purpose: Exits to privileged EXEC mode.


Mapping S and G Flows to MDT Trees

Before You Begin

An extended access list (ACL) covering the range of (S,G) entries in the VRF to be filtered must be configured.


SUMMARY STEPS

1.    enable

2.    configure terminal

3.    vrf definition vrf

4.    mdt data mpls mldp num_tree [list acl] [scope scope_id] [immediate-switch]

5.    end


DETAILED STEPS

Step 1
  Command or Action: enable
  Example: PE> enable
  Purpose: Enables privileged EXEC mode.
    • Enter your password if prompted.

Step 2
  Command or Action: configure terminal
  Example: PE# configure terminal
  Purpose: Enters global configuration mode.

Step 3
  Command or Action: vrf definition vrf
  Example: PE(config)# vrf definition blue
  Purpose: Configures a VRF address family and enters VRF address family configuration mode.
  Note: You can use the ip vrf command to configure a VRF instance and enter VRF configuration mode.

Step 4
  Command or Action: mdt data mpls mldp num_tree [list acl] [scope scope_id] [immediate-switch]
  Example: PE(config-vrf-af)# mdt data mpls mldp 100 list 100 scope 1 immediate-switch
  Purpose: Configures MLDP data MDTs. Repeat this step for each data MDT to be configured.

Step 5
  Command or Action: end
  Example: PE(config-vrf-af)# end
  Purpose: Returns to privileged EXEC mode.


Verifying MLDP Filtering

SUMMARY STEPS

1.    enable

2.    show mpls mldp interface

3.    show mpls mldp neighbors

4.    show mpls mldp filter [fec-id]

5.    show mpls mldp database


DETAILED STEPS

Step 1
  Command or Action: enable
  Example: Router> enable
  Purpose: Enables privileged EXEC mode.
    • Enter your password if prompted.

Step 2
  Command or Action: show mpls mldp interface
  Example: Router# show mpls mldp interface
  Purpose: Displays whether MPLS and MLDP are enabled on the interfaces.

Step 3
  Command or Action: show mpls mldp neighbors
  Example: Router# show mpls mldp neighbors
  Purpose: Displays the parameters by which a peer is filtered.

Step 4
  Command or Action: show mpls mldp filter [fec-id]
  Example: Router# show mpls mldp filter
  Purpose: Displays information about filters and the peers associated with the filters.

Step 5
  Command or Action: show mpls mldp database
  Example: Router# show mpls mldp database
  Purpose: Displays the MLDP path label information for each MDT.


Configuration Examples for MLDP Filtering


Example: MLDP Filtering

The following example configuration has these effects:
  • Peer P4 will be denied for all FECs (matches FEC 1).
  • For FECs having VPN id 1:1 and any scope, peers P4 (matches FEC 1) and P2 (matches FEC 2) will be denied. Additionally, peer P3 will be denied if FEC VPN id is 1:1 and scope 2 (matches FEC 4).
  • For FECs having VPN id 2:2 and scope 1, peers P4 (matches FEC 1) and P2 (matches FEC 3) will be denied. Additionally peer P3 will be denied if FEC VPN id is 2:2 and scope 2 (matches FEC 4).
  • For FECs having any VPN id and scope 2, peers P4 (matches FEC 1) and P3 (matches FEC 4) will be denied.
  • Peer P4 will be denied for FEC with VPN id 3:3 and scope 3.
access-list 50 deny   4.4.4.4
access-list 50 permit any
access-list 51 deny   2.2.2.2
access-list 51 permit any
access-list 52 deny   3.3.3.3
access-list 52 permit any
.
.
.
mpls mldp fec 1 opaque-type mdt vpn-id any scope any
mpls mldp fec 2 opaque-type mdt vpn-id 1:1 scope any
mpls mldp fec 3 opaque-type mdt vpn-id 2:2 scope 1
mpls mldp fec 4 opaque-type mdt vpn-id any scope 2

mpls mldp filter 1 peer-list 50
mpls mldp filter 2 peer-list 51
mpls mldp filter 3 peer-list 51
mpls mldp filter 4 peer-list 52
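
The per-peer decision listed in the bullets above can be checked offline with a small model; this is an added Python example, not Cisco code or part of the original document. It assumes a peer is denied when any filter whose FEC matches the tree has a peer-list ACL that denies that peer, that ACL entries are single hosts or `any`, that P2, P3 and P4 are 2.2.2.2, 3.3.3.3 and 4.4.4.4, and that FEC 4 uses `vpn-id any` as the command syntax gives; the function names are hypothetical.

```python
# Added example: model of the outbound MLDP filter decision (not Cisco code).
# Configuration text re-typed from the example above.
FILTER_CONFIG = """\
access-list 50 deny   4.4.4.4
access-list 50 permit any
access-list 51 deny   2.2.2.2
access-list 51 permit any
access-list 52 deny   3.3.3.3
access-list 52 permit any
mpls mldp fec 1 opaque-type mdt vpn-id any scope any
mpls mldp fec 2 opaque-type mdt vpn-id 1:1 scope any
mpls mldp fec 3 opaque-type mdt vpn-id 2:2 scope 1
mpls mldp fec 4 opaque-type mdt vpn-id any scope 2
mpls mldp filter 1 peer-list 50
mpls mldp filter 2 peer-list 51
mpls mldp filter 3 peer-list 51
mpls mldp filter 4 peer-list 52
"""
PEERS = ["2.2.2.2", "3.3.3.3", "4.4.4.4"]  # assumed addresses of P2, P3, P4

def parse_filters(config):
    """Collect ACL entries, FEC definitions and filter-to-ACL bindings."""
    acls, fecs, filters = {}, {}, {}
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"]:
            acls.setdefault(t[1], []).append((t[2], t[3]))
        elif t[:3] == ["mpls", "mldp", "fec"]:
            fecs[t[3]] = (t[t.index("vpn-id") + 1], t[t.index("scope") + 1])
        elif t[:3] == ["mpls", "mldp", "filter"]:
            filters[t[3]] = t[t.index("peer-list") + 1]
    return acls, fecs, filters

def acl_permits(entries, peer):
    """Standard ACL semantics: first matching entry wins, implicit deny at the end."""
    for action, host in entries:
        if host in ("any", peer):
            return action == "permit"
    return False

def denied_peers(config, vpn_id, scope, peers):
    """Peers that receive no label mapping for the tree (vpn_id, scope)."""
    acls, fecs, filters = parse_filters(config)
    denied = set()
    for fec_id, acl in filters.items():
        fec_vpn, fec_scope = fecs[fec_id]
        if fec_vpn in ("any", vpn_id) and fec_scope in ("any", scope):
            # A KeyError here flags a filter bound to an undefined ACL.
            denied |= {p for p in peers if not acl_permits(acls[acl], p)}
    return sorted(denied)
```

Comparing `denied_peers` for each VPN id and scope in use against the intended policy shows which peers a new FEC or ACL line would cut off before it is applied.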

      

Example: S and G Mappings to Data MDT Tree Numbers

This example shows the (S,G) mappings on the ingress PE for a given VRF (blue). Group range 232.1.1.0/24 is confined within local scope 1 with traffic switching immediately to the data MDT. Group range 232.1.2.0/24 is confined to regional scope 2.

access-list 100 permit ip any 232.1.1.0 0.0.0.255
access-list 101 permit ip any 232.1.2.0 0.0.0.255

ip vrf blue
mdt data mpls mldp 100 list 100 scope 1 immediate-switch
mdt data mpls mldp 200 list 101 scope 2 immediate-switch
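
The data MDT selection order described under "Information about MLDP Filtering" (first configuration whose ACL matches, otherwise the no-ACL configuration with the lowest ref_count), applied to this example as an added Python model that is not Cisco code or part of the original document. It assumes ACL entries of the form `permit ip any <group> <wildcard>` only, adds two hypothetical no-ACL data MDT lines, and keys the constructed ref_count values by the configured tree number; the function names are hypothetical.

```python
import ipaddress

# Added example (not Cisco code). The last two lines are hypothetical no-ACL
# data MDT configurations added to exercise the ref_count fallback.
MDT_CONFIG = """\
access-list 100 permit ip any 232.1.1.0 0.0.0.255
access-list 101 permit ip any 232.1.2.0 0.0.0.255
mdt data mpls mldp 100 list 100 scope 1 immediate-switch
mdt data mpls mldp 200 list 101 scope 2 immediate-switch
mdt data mpls mldp 50
mdt data mpls mldp 60
"""

def parse_mdts(config):
    """Collect group ACL entries and data MDT configurations in order."""
    acls, mdts = {}, []
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and t[2:5] == ["permit", "ip", "any"]:
            base = int(ipaddress.IPv4Address(t[5]))
            wild = int(ipaddress.IPv4Address(t[6]))
            acls.setdefault(t[1], []).append((base, wild))
        elif t[:4] == ["mdt", "data", "mpls", "mldp"]:
            opt = t[5:]
            mdts.append({
                "num_tree": int(t[4]),
                "acl": opt[opt.index("list") + 1] if "list" in opt else None,
                "scope": opt[opt.index("scope") + 1] if "scope" in opt else None,
                "immediate": "immediate-switch" in opt,
            })
    return acls, mdts

def acl_matches(entries, group):
    """Wildcard-mask match: bits set in the wildcard are ignored."""
    g = int(ipaddress.IPv4Address(group))
    return any((g & ~wild) == (base & ~wild) for base, wild in entries)

def select_data_mdt(config, group, ref_counts):
    """Return the data MDT configuration chosen for a group, or None."""
    acls, mdts = parse_mdts(config)
    for m in mdts:  # first ACL-bearing configuration that matches wins
        if m["acl"] and acl_matches(acls.get(m["acl"], []), group):
            return m
    no_acl = [m for m in mdts if m["acl"] is None]
    if not no_acl:
        return None  # no data MDT configuration selected in this model
    return min(no_acl, key=lambda m: ref_counts.get(m["num_tree"], 0))
```

A group that matches no ACL falls through to a no-ACL data MDT, which has no scope here, so this model also shows which groups escape the intended scope confinement.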

      

Additional References


Related Documents

Related Topic: Cisco IOS commands
Document Title: Cisco IOS Master Commands List, All Releases

Related Topic: IP Multicast commands
Document Title: Cisco IOS IP Multicast Command Reference

Standards and RFCs

Standard/RFC Title
No new or modified standards are supported, and support for existing standards has not been modified. --
No new or modified RFCs are supported, and support for existing RFCs has not been modified. --

MIBs

MIB MIBs Link
No new or modified MIBs are supported, and support for existing MIBs has not been modified.

To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


Feature Information for MLDP Filtering


The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.


Table 1 Feature Information for MLDP Filtering

Feature Name: MLDP Filtering
Releases: 15.1(3)S
Feature Information: The MLDP Filtering feature adds filtering capabilities to the Cisco Multicast Label Distribution Protocol (MLDP) label-based Multicast Virtual Private Network (MVPN) solution.

The following commands were introduced or modified: mdt data mpls mldp, mpls mldp, mpls mldp fec, mpls mldp filter, show mpls mldp filter, show mpls mldp interface, show mpls mldp neighbors.
