MLDP Filtering
|
|||||||||||||||||||||||||||||||
Contents
MLDP FilteringLast Updated: August 08, 2011
The MDLP Filtering feature adds filtering capabilities to the Cisco Multicast Label Distribution Protocol (MLDP) label-based Multicast Virtual Private Network (MVPN) solution. Finding Feature InformationLast Updated: August 08, 2011
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required. Information about MLDP FilteringLast Updated: August 08, 2011
MLDP FilteringMLDP Filtering prevents multicast traffic that is distributed to different sites via MVPNs from traveling on sections of the network by providing the following capabilities:
The filtering feature uses FEC (Forward Equivalence Class) definitions to filter specified FECs on a per-peer basis. The list of peers for which a FEC is to be filtered is defined in an access control list (ACL). FEC-based filtering per peer is supported only for outbound filtering. If an MLDP stream is denied by the filter, then the router will not advertise label mappings to the filtered peer. MLDP Filtering also enables you to filter label mappings based on a particular range of MLDP tree numbers per VRF. If a source and group (S,G) MVPN entry matches more than one data MDT configuration, all data MDT configurations are examined and the first configuration that contains an ACL that matches the (S,G) is picked. If none of the ACLs match the (S,G), then the tree number with the lowest ref_count among all the remaining no-ACL data MDT configurations is selected. If an (S,G) flow in the vrf is on a data MDT without an ACL and a new data MDT configuration with a matching ACL is configured, the (S,G) flow will not switch to the newly configured scope. The (S,G) flows which are already on the data MDT will switch only if the vrf mroutes are cleared. Traffic can flow on the default MDT or it can be switched immediately to the data MDT after the (S,G) state is created on the ingress Provider Edge (PE) router. Immediate switch works for source specific-multicast (SSM) groups in the VRF only if the MDT data threshold is 0. As long as the (S,G) SSM state exists on the ingress PE router, traffic will stay on the data MDT. MLDP Disable on an InterfaceMulticast Label Distribution Protocol (MLDP) is automatically enabled on all interfaces on which Multiprotocol Label Switching (MPLS) dynamic label switching is enabled. Disabling MLDP on an interface prevents that interface from being used in path selection even if it is advertised as a path by route watch. If the only path returned by route watch is one on which MLDP is disabled, then the route to that peer or root is considered unreachable. If a router receives a label mapping on a particular interface on which MLDP is disabled, the router installs the label mapping and builds a tree upstream. If there are two links to a given peer and one of them is MLDP-disabled, it is possible that the MPLS Forwarding Infrastructure (MFI) will use the disabled link for forwarding if recursive forwarding is configured. To ensure that the MLDP-disabled interface is not used by MFI, you must disable recursive forwarding. How to Configure MLDP FilteringLast Updated: August 08, 2011
Disabling MLDP on an InterfaceMLDP is enabled by default on all MPLS-enabled interfaces. Perform this task to disable MDLP on the specified interface. We recommend that you disable MLDP on both sides of a link. DETAILED STEPS Filtering MLDP TrafficSUMMARY STEPS
DETAILED STEPS Mapping S and G Flows to MDT TreesBefore You Begin
SUMMARY STEPS
Extended access list (ACL) of range of (S,G) entries in VRF to be filtered must be configured. DETAILED STEPS Verfiying MLDP FilteringSUMMARY STEPS
DETAILED STEPS
Configuration Examples for MLDP FilteringLast Updated: August 08, 2011
Example: MLDP FilteringThe following example configuration shows the following:
access-list 50 deny 4.4.4.4 access-list 50 permit any access-list 51 deny 2.2.2.2 access-list 51 permit any access-list 52 deny 3.3.3.3 access-list 52 permit any . . . mpls mldp fec 1 opaque-type mdt vpn-id any scope any mpls mldp fec 2 opaque-type mdt vpn-id 1:1 scope any mpls mldp fec 3 opaque-type mdt vpn-id 2:2 scope 1 mpls mldp fec 4 opaque-type mdt vpn-id all scope 2 mpls mldp filter 1 peer-list 50 mpls mldp filter 2 peer-list 51 mpls mldp filter 3 peer-list 51 mpls mldp filter 4 peer-list 52 Example: S and G Mappings to Data MDT Tree NumbersThis example shows the (S,G) mappings on the ingress PE for a given VRF (blue). Group range 232.1.1.0/24 is confined withing local scope 1 with traffic switching immediately to the data MDT. Group range 232.1.2.0/24 is confined to regional scope 2. access-list 100 permit ip any 232.1.1.0 0.0.0.255 access-list 101 permit ip any 232.1.2.0 0.0.0.255 ip vrf blue mdt data mpls mldp 100 list 100 scope 1 immediate-switch mdt data mpls mldp 200 list 101 scope 2 immediate-switch Additional ReferencesLast Updated: August 08, 2011
MIBsTechnical Assistance
Feature Information for MLDP FilteringLast Updated: August 08, 2011
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Last Updated: August 08, 2011
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R) Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental. |
|||||||||||||||||||||||||||||||