MPLS Label Filtering lab - spoiler alert

Hi,

 

I just wanted to confirm that I'm not the only one seeing this behaviour. In this lab the proposed config will not work. The access-list needs to match the exact prefix, not a subnet.

 

Proposed config:

R4, R5, R6:

access-list 10 permit 150.1.0.0 0.0.255.255
!
no mpls ldp advertise-labels
mpls ldp advertise-labels for 10

Actual results:

R5#sho mpls forw
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
16         Pop Label  150.1.4.4/32     0             Gi1.45     155.1.45.4
17         No Label   155.1.146.0/24   0             Gi1.45     155.1.45.4
18         No Label   150.1.6.6/32     0             Gi1.45     155.1.45.4

R6#sho mpls for
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
16         No Label   150.1.5.5/32     0             Gi1.146    155.1.146.4
17         Pop Label  150.1.4.4/32     0             Gi1.146    155.1.146.4
18         No Label   155.1.58.0/24    0             Gi1.146    155.1.146.4
19         No Label   155.1.5.0/24     0             Gi1.146    155.1.146.4
20         No Label   155.1.0.0/24     0             Gi1.146    155.1.146.4
21         No Label   155.1.45.0/24    0             Gi1.146    155.1.146.4

 

As stated above, you actually need to match the /32 loopbacks.

Config on R4:

R4# sho run | s access-list|mpls ldp adv
no mpls ldp advertise-labels
mpls ldp advertise-labels for 10
access-list 10 permit 150.1.4.4
access-list 10 permit 150.1.5.5
access-list 10 permit 150.1.6.6

R6#sho mpls for
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
16         17         150.1.5.5/32     0             Gi1.146    155.1.146.4
17         Pop Label  150.1.4.4/32     0             Gi1.146    155.1.146.4
18         No Label   155.1.58.0/24    0             Gi1.146    155.1.146.4
19         No Label   155.1.5.0/24     0             Gi1.146    155.1.146.4

R4#sho mpls ip binding 150.1.5.5 32 deta
Advertisement spec:
        Prefix acl = 10
  150.1.5.5/32, rev 47, chkpt: none
        in label:     17         (owner LDP)
          Advertised to:
          150.1.6.6:0            150.1.5.5:0
        out label:    imp-null  lsr: 150.1.5.5:0      checkpointed
        Advert acl(s): Prefix acl 10

You can also see the ACL in action with:

R4(config)#do sho mpls ip binding adver
Advertisement spec:
        Prefix acl = 10

  150.1.4.4/32
        Advert acl(s): Prefix acl 10
  150.1.5.5/32
        Advert acl(s): Prefix acl 10
  150.1.6.6/32
        Advert acl(s): Prefix acl 10
  155.1.0.0/24
  155.1.5.0/24
  155.1.45.0/24
  155.1.58.0/24
  155.1.146.0/24
  169.254.100.0/24

I used rack rentals for this lab: rs5rack7

Comments

  • I got it to work per the solution.  Table after loading initial configurations:

    R4#sh mpls forwarding-table
    Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop   
    Label      Label      or Tunnel Id     Switched      interface             
    16         Pop Label  150.1.5.5/32     0             Gi1.45     155.1.45.5 
    17         Pop Label  155.1.58.0/24    0             Gi1.45     155.1.45.5 
    18         Pop Label  155.1.5.0/24     0             Gi1.45     155.1.45.5 
    19         Pop Label  150.1.6.6/32     0             Gi1.146    155.1.146.6

    !

    R5#sh mpls forwarding-table
    Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop   
    Label      Label      or Tunnel Id     Switched      interface             
    16         Pop Label  150.1.4.4/32     0             Gi1.45     155.1.45.4 
    17         Pop Label  155.1.146.0/24   0             Gi1.45     155.1.45.4 
    18         19         150.1.6.6/32     0             Gi1.45     155.1.45.4 

    !

    R6#sh mpls forwarding-table
    Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop   
    Label      Label      or Tunnel Id     Switched      interface             
    16         16         150.1.5.5/32     0             Gi1.146    155.1.146.4
    17         Pop Label  150.1.4.4/32     0             Gi1.146    155.1.146.4
    18         17         155.1.58.0/24    0             Gi1.146    155.1.146.4
    19         18         155.1.5.0/24     0             Gi1.146    155.1.146.4
    20         Pop Label  155.1.0.0/24     0             Gi1.146    155.1.146.4
    21         Pop Label  155.1.45.0/24    0             Gi1.146    155.1.146.4

     

    After I entered these commands, it worked.

    On R4,R5,R6

      access-list 7 permit 150.1.0.0 0.0.255.255 log
      no mpls ldp advertise-labels
      mpls ldp advertise-labels for 7

    R4(config)#do show mpls forwarding
    Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop   
    Label      Label      or Tunnel Id     Switched      interface             
    16         Pop Label  150.1.5.5/32     0             Gi1.45     155.1.45.5 
    17         No Label   155.1.58.0/24    0             Gi1.45     155.1.45.5 
    18         No Label   155.1.5.0/24     0             Gi1.45     155.1.45.5 
    19         Pop Label  150.1.6.6/32     0             Gi1.146    155.1.146.6

    R5(config)#do show mpl forward
    Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop   
    Label      Label      or Tunnel Id     Switched      interface             
    16         Pop Label  150.1.4.4/32     0             Gi1.45     155.1.45.4 
    17         No Label   155.1.146.0/24   0             Gi1.45     155.1.45.4 
    18         19         150.1.6.6/32     0             Gi1.45     155.1.45.4

    R6(config)#do show mpls for                
    Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop   
    Label      Label      or Tunnel Id     Switched      interface             
    16         16         150.1.5.5/32     0             Gi1.146    155.1.146.4
    17         Pop Label  150.1.4.4/32     0             Gi1.146    155.1.146.4
    18         No Label   155.1.58.0/24    0             Gi1.146    155.1.146.4
    19         No Label   155.1.5.0/24     0             Gi1.146    155.1.146.4
    20         No Label   155.1.0.0/24     0             Gi1.146    155.1.146.4
    21         No Label   155.1.45.0/24    0             Gi1.146    155.1.146.4

     

    Also, I was able to log the packets from the access-list

    R4(config)#do show access-list
    Standard IP access list 7
        10 permit 150.1.0.0, wildcard bits 0.0.255.255 log (9 matches)

    R5(config)#do show access-list
    Standard IP access list 7
        10 permit 150.1.0.0, wildcard bits 0.0.255.255 log (6 matches)

    R6(config)#do show access-list
    Standard IP access list 7
        10 permit 150.1.0.0, wildcard bits 0.0.255.255 log (6 matches)
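
Added example, not part of either post: a Python check that evaluates a standard ACL's wildcard match and compares it with `show mpls forwarding-table` rows, flagging a permitted prefix that shows No Label or a filtered prefix that still carries a label. It assumes the ACL is tested against the prefix's network address only; the function names are chosen for this example and the tables are three-row excerpts of the R6 output quoted in the thread.

```python
import ipaddress
import re

def acl_permits(address, entries):
    """First-match standard ACL check with an implicit deny at the end."""
    addr = int(ipaddress.IPv4Address(address))
    for action, base, wildcard in entries:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF  # 0-bits in wildcard must match
        if addr & care == int(ipaddress.IPv4Address(base)) & care:
            return action == "permit"
    return False

ROW = re.compile(r"^\s*\d+\s+(Pop Label|No Label|\d+)\s+(\d+(?:\.\d+){3})/(\d+)\s")

def audit(table_text, entries):
    """List rows whose outgoing label disagrees with the advertise-labels ACL."""
    findings = []
    for line in table_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header lines
        outgoing, net, plen = m.groups()
        permitted = acl_permits(net, entries)  # assumption: network address only
        labelled = outgoing != "No Label"
        if permitted != labelled:
            why = "permitted but unlabelled" if permitted else "labelled but not permitted"
            findings.append((f"{net}/{plen}", outgoing, why))
    return findings

ACL_WILDCARD = [("permit", "150.1.0.0", "0.0.255.255")]
ACL_HOSTS = [("permit", h, "0.0.0.0") for h in ("150.1.4.4", "150.1.5.5", "150.1.6.6")]

# R6 excerpts copied from the thread: first post, then the comment (after filtering).
R6_POST = """\
16         No Label   150.1.5.5/32     0             Gi1.146    155.1.146.4
17         Pop Label  150.1.4.4/32     0             Gi1.146    155.1.146.4
18         No Label   155.1.58.0/24    0             Gi1.146    155.1.146.4
"""
R6_COMMENT = """\
16         16         150.1.5.5/32     0             Gi1.146    155.1.146.4
17         Pop Label  150.1.4.4/32     0             Gi1.146    155.1.146.4
18         No Label   155.1.58.0/24    0             Gi1.146    155.1.146.4
"""

if __name__ == "__main__":
    print("post   :", audit(R6_POST, ACL_WILDCARD))
    print("comment:", audit(R6_COMMENT, ACL_WILDCARD))
```
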
