MPLS LDP messages (discovery, session, advertisement, and notification messages) are exchanged between LDP peers through two channels:
- LDP discovery messages are transmitted as User Datagram Protocol (UDP) packets to the well-known LDP port.
- Session, advertisement, and notification messages are exchanged through a TCP connection established between two LDP peers.
The MPLS LDP—Lossless MD5 Session Authentication feature allows an LDP session to be password-protected without tearing down and reestablishing the LDP session.
R2(config)#mpls ldp neighbor 188.8.131.52 password 123
R2(config)#access-list 99 permit 184.108.40.206
The disadvantage of the old method is that when a new password is required for a session, the change requires the LDP session to be torn down. With this feature, new passwords can be implemented or changed without having to tear down the existing LDP session.
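LDP session authentication relies on the TCP MD5 Signature Option (RFC 2385) on the TCP connection between the peers. The following added example (not from the original post, and not Cisco's implementation) computes that digest and models a lossless password change as a receiver that accepts either the old or the new key during an overlap window; the addresses, keys, helper names and the overlap model are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import struct

LDP_PORT = 646  # well-known LDP port

def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key):
    """RFC 2385 digest: pseudo-header + option-less TCP header + data + key."""
    base = bytearray(tcp_header[:20])      # TCP options are excluded
    base[16:18] = b"\x00\x00"              # checksum field is treated as zero
    seg_len = len(tcp_header) + len(payload)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, seg_len))
    return hashlib.md5(pseudo + bytes(base) + payload + key).digest()

def accept_segment(src_ip, dst_ip, tcp_header, payload, digest, accepted_keys):
    """Return the name of the key that verifies the segment, or None (drop)."""
    for name, key in accepted_keys.items():
        expected = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key)
        if hmac.compare_digest(expected, digest):
            return name
    return None

def build_header(sport, dport, seq, ack, checksum=0xBEEF):
    """Constructed sample header: 20-byte base plus 20 bytes of options."""
    base = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       10 << 4, 0x18, 4096, checksum, 0)
    return base + b"\x01\x01\x13\x12" + bytes(16)   # NOP, NOP, kind 19, len 18

def demo():
    src, dst = "192.0.2.1", "192.0.2.2"              # constructed addresses
    old, new = b"old-ldp-secret", b"new-ldp-secret"  # constructed keys
    hdr = build_header(49152, LDP_PORT, 1000, 2000)
    pdu = b"constructed LDP PDU bytes"
    digest = tcp_md5_digest(src, dst, hdr, pdu, new)  # sender already uses the new key
    both = {"old": old, "new": new}
    return {
        "overlap_window": accept_segment(src, dst, hdr, pdu, digest, both),
        "old_key_only": accept_segment(src, dst, hdr, pdu, digest, {"old": old}),
        "tampered_pdu": accept_segment(src, dst, hdr, pdu + b"!", digest, both),
    }

if __name__ == "__main__":
    print(demo())
```

A receiver that only knows the old key drops every segment signed with the new one, which is why a single per-neighbor password cannot be changed without resetting the session.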
Cisco IOS Embedded Event Manager (EEM) is a powerful tool integrated with Cisco IOS Software for system management from within the device itself. EEM offers the ability to monitor events and take informational, corrective, or any desired action when the monitored events occur or when a threshold is reached. Capturing the state of the router during such situations can be invaluable in taking immediate recovery actions and gathering information to perform root-cause analysis. Network availability is also improved if automatic recovery actions are performed without the need to fully reboot the routing device.
OK, let's try to prevent someone from turning off Loopback Zero! 🙂
event manager applet Lo0
 event syslog occurs 2 pattern "Loopback0, changed state to admin"
 action 1.0 syslog msg "Hey Someone shutdown my loopback0 - Turning it back on"
 action 1.1 syslog msg "I am a Smart Router, i will turn my lo0 back up again"
 action 1.2 cli command "enable"
 action 1.3 cli command "configure ter"
 action 1.4 cli command "int lo0"
 action 1.5 cli command "no shut"
 action 1.6 syslog msg "OK should be back up again"
Thanks to The Cisco Learning Network for this tip!
MPLS TE allows the MPLS-enabled network to replicate and expand upon the TE capabilities of Layer 2 ATM and Frame Relay networks. MPLS uses the reachability information provided by Layer 3 routing protocols and operates like a Layer 2 ATM network. With MPLS, TE capabilities are integrated into Layer 3, which can be implemented for efficient bandwidth utilization between routers in the SP network.
MPLS traffic engineering automatically establishes and maintains the tunnel across the backbone, using RSVP. The path used by a given tunnel at any point in time is determined based on the tunnel resource requirements and network resources, such as bandwidth.
MPLS traffic engineering is built on the following IOS mechanisms:
- Label-switched path (LSP) tunnels, which are signalled through RSVP, with traffic engineering extensions. LSP tunnels are represented as IOS tunnel interfaces, have a configured destination, and are unidirectional.
- A link-state IGP (such as IS-IS) with extensions for the global flooding of resource information, and extensions for the automatic routing of traffic onto LSP tunnels as appropriate.
- An MPLS traffic engineering path calculation module that determines paths to use for LSP tunnels.
- An MPLS traffic engineering link management module that does link admission and bookkeeping of the resource information to be flooded.
- Label switching forwarding, which provides routers with a Layer 2-like ability to direct traffic across multiple hops as directed by the resource-based routing algorithm.
OSPF must be configured to flood Opaque LSAs. Like any other LSA, the Opaque LSA uses the link-state database distribution mechanism for flooding this information throughout the topology. So on all devices we configured:
The Opaque LSA has a flooding scope associated with it, so the scope of flooding may be link-local (type 9), area-local (type 10) or the entire OSPF routing domain (type 11). If you look at the OSPF database on either of these routers now, you will see an entry for the new LSA types.
Each router creates a new Link ID for each link on which traffic-eng is configured.
Here we can see that the Maximum Bandwidth is 193000 bytes, but only 75% is available for bandwidth reservation.
Now let's configure a tunnel:
Here, we can confirm that the tunnel is operational and that it's a dynamic tunnel.
The tunnel runs over the directly connected interfaces between R1 and R5 because that’s the shortest path to the tunnel destination.
Now let's see an explicit path configuration:
When a link flaps, it could take a long time for LDP to re-exchange labels. Of course, a network can use the FIB in the meantime, but this could present several problems for applications that leverage MPLS, like MPLS VPN, to name at least one. With MPLS LDP Session Protection, we can provide faster LDP convergence when a link recovers from an outage, and this is done by maintaining the LDP session for a period of time.
When a link fails, we know that in frame-mode MPLS, LDP stores all the labels in the LIB, even if they are not used, because the IGP could decide to use another path. The real problem comes into play when the link recovers: when the IGP determines that the link is available, it may change the next hop if the path to reach the network is better. The problem here is the POP action used in the LFIB of the router while LDP tries to establish the session again, which adds more convergence time to our network, since the LIB might not contain the label from the new next hop by the time the IGP has converged.
We have two ways to solve the convergence issues that we face on flapping links: the first solution is to use MPLS LDP Session Protection, and the second is to use MPLS TE make before.
A common problem in networks is flapping links. The flapping of links can have several causes, but it is not the goal of this book to look deeper into this. Flapping links do have an important impact on the convergence of the network. Because the IGP adjacency and the LDP session are running across the link, they go down when the link goes down. This is unfortunate, especially because the link is usually not down for long. The impact is pretty severe though, because the routing protocol and LDP can take time to rebuild the neighborship. LDP has to rebuild the LDP session and must exchange the label bindings again. To avoid having to rebuild the LDP session altogether, you can protect it. When the LDP session between two directly connected LSRs is protected, a targeted LDP session is built between the two LSRs. When the directly connected link does go down between the two LSRs, the targeted LDP session is kept up as long as an alternative path exists between the two LSRs. The LDP link adjacency is removed when the link goes down, but the targeted adjacency keeps the LDP session up. When the link comes back up, the LSR does not need to re-establish the LDP session; therefore, the convergence is better. The global command to enable LDP Session Protection is this:
mpls ldp session protection [vrf vpn-name] [for acl] [duration seconds]
35 is the sum of the first five triangular numbers, making it a tetrahedral number.
35 is a highly cototient number, since there are more solutions to the equation x – φ(x) = 35 than there are for any other integers below it except 1.
35 is a discrete semiprime (or biprime) (5 x 7); the tenth, and the first with 5 as the lowest non-unitary factor. The aliquot sum of 35 is 13, this being the second composite number with such an aliquot sum, the first being the cube 27. 35 is the last member of the first triple cluster of semiprimes 33, 34, 35. 85, 86, 87 is the second such triple discrete semiprime cluster.
Since the greatest prime factor of 35² + 1 = 1226 is 613, which is obviously more than 35 twice, 35 is a Størmer number.
35 is the highest number one can count to on one’s fingers using base 6.
and today, 35 years old!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CMERouter
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
ip cef
!
no ip dhcp use vrf connected
!
ip dhcp pool ITS
 network 192.168.9.0 255.255.255.0
 option 150 ip 192.168.9.254
 default-router 192.168.9.254
!
ip ftp username cisco
ip ftp password cisco
ip name-server 192.168.2.1
!
voice service voip
 allow-connections sip to sip
 sip
  registrar server expires max 3600 min 600
!
voice translation-rule 6
 rule 1 /^9/ //
!
voice translation-rule 666
 rule 1 /300/ /17772028487/
!
voice translation-profile OUT
 translate calling 666
 translate called 6
!
username cisco privilege 15 password 0 cisco
!
interface Loopback0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/0
 ip address 192.168.9.254 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.2.102 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip route 0.0.0.0 0.0.0.0 192.168.2.1
!
ip http server
no ip http secure-server
ip http path flash:
ip nat inside source list 101 interface FastEthernet0/1 overload
!
access-list 101 deny ip 10.0.0.0 0.255.255.255 192.168.2.0 0.0.0.255
access-list 101 deny ip 10.0.0.0 0.255.255.255 192.168.9.0 0.0.0.255
access-list 101 permit ip any any
!
tftp-server flash:P00405000700.bin
tftp-server flash:P00405000700.sbn
tftp-server flash:P00308000500.bin
tftp-server flash:P00308000500.loads
tftp-server flash:P00308000500.sb2
tftp-server flash:P00308000500.sbn
!
control-plane
!
dial-peer voice 901 voip
 translation-profile outgoing OUT
 destination-pattern 9.T
 session protocol sipv2
 session target dns:callcentric.com
 dtmf-relay sip-notify rtp-nte
 codec g711ulaw
!
sip-ua
 authentication username 17772028487 password 1313591A07 realm callcentric.com
 no remote-party-id
 retry invite 4
 retry response 3
 retry bye 2
 retry cancel 2
 retry register 5
 timers register 250
 registrar dns:callcentric.com expires 3600
 sip-server dns:callcentric.com
!
telephony-service
 max-ephones 10
 max-dn 100
 ip source-address 10.1.1.1 port 2000
 calling-number local secondary
 timeouts interdigit 2
 create cnf-files version-stamp Jan 01 2002 00:00:00
 max-conferences 4 gain -6
 web admin system name cisco secret 5 $1$Z2bp$.Ty2WFXnYAi4j7SI5vBHG/
 transfer-pattern .T
 secondary-dialtone 9
!
ephone-dn 1 dual-line
 number 300 secondary 17772028487
 label CIPC
!
ephone 2
 mac-address 0025.B370.971B
 type CIPC
 button 1:1
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 no login
!
end
which results in: