Cisco Systems 12.4 manual Protecting Data Between LDP Peers with MD5 Authentication

How to Configure MPLS LDP

Router# configure terminal
Router(config)# mpls label protocol ldp
Router(config)# access-list 15 permit host 10.15.15.15
Router(config)# mpls ldp explicit-null to 15

If you issue the show mpls forwarding-table command, the output shows that explicit null labels are going only to the router specified in the access list.

Router# show mpls forwarding-table
Local  Outgoing    Prefix              Bytes label  Outgoing   Next Hop
label  label or VC or Tunnel Id        switched     interface
19     Pop tag     10.12.12.12/32      0            Fa2/1/0    172.16.0.1
22     0           10.14.14.14/32      0            Fa2/0/0    192.168.0.2
23     0           172.24.24.24/32     0            Fa2/0/0    192.168.0.2
24     0           192.168.0.0/8       0            Fa2/0/0    192.168.0.2
25     0           10.15.15.15/32      0            Fa2/0/0    192.168.0.2
26     0           172.16.0.0/8        0            Fa2/0/0    192.168.0.2
27     25          10.16.16.16/32      0            Fa2/0/0    192.168.0.22
28     0           10.34.34.34/32      0            Fa2/0/0    192.168.0.2

Enabling explicit-null with both the for and to keywords enables you to specify which routes to advertise with explicit-null labels and to which adjacent routers to advertise these explicit-null labels.

Router# show access 15
Standard IP access list 15
    permit 10.15.15.15 (7 matches)
Router# show access 24
Standard IP access list 24
    permit 10.24.24.24 (11 matches)
Router# configure terminal
Router(config)# mpls label protocol ldp
Router(config)# mpls ldp explicit-null for 24 to 15

If you issue the show mpls forwarding-table command on the router called 47K-60-4, the output shows that it receives explicit null labels for 10.24.24.24/32.

Router# show mpls forwarding-table
Local  Outgoing    Prefix              Bytes label  Outgoing   Next Hop
label  label or VC or Tunnel Id        switched     interface
17     0 <---      10.24.24.24/32      0            Et4        172.16.0.1
20     Pop tag     172.16.0.0/8        0            Et4        172.16.0.1
21     20          10.12.12.12/32      0            Et4        172.16.0.1
22     16          10.0.0.0/8          0            Et4        172.16.0.1
23     21          10.13.13.13/32      0            Et4        172.16.0.1
25     Pop tag     10.14.14.14/32      0            Et4        172.16.0.1
27     Pop tag     192.168.0.0/8       0            Et4        172.16.0.1
28     25          10.16.16.16/32      0            Et4        172.16.0.1
29     Pop tag     192.168.34.34/32    0            Et4        172.16.0.1

Protecting Data Between LDP Peers with MD5 Authentication

You can enable authentication between two LDP peers, which verifies each segment sent on the TCP connection between the peers. You must configure authentication on both LDP peers using the same password; otherwise, the peer session is not established.

Authentication uses the Message Digest 5 (MD5) algorithm to verify the integrity of the communication and authenticate the origin of the message.

To enable authentication, issue the mpls ldp neighbor command with the password keyword. This causes the router to generate an MD5 digest for every segment sent on the TCP connection and check the MD5 digest for every segment received from the TCP connection.

When you configure a password for an LDP neighbor, the router tears down existing LDP sessions and establishes new sessions with the neighbor.
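The per-segment digest generation and check described above, as an added Python example that is not part of the Cisco guide. It assumes the digest is carried in the TCP MD5 Signature option of RFC 2385; the function names, source port, payload and passwords are constructed for illustration, and the two addresses are reused from the page only as sample peers.

```python
import hashlib
import hmac
import socket
import struct

LDP_PORT = 646   # TCP port used by LDP sessions
MD5_OPT = 19     # TCP MD5 Signature option kind (RFC 2385)

def md5_digest(src_ip, dst_ip, fixed_hdr, seg_len, payload, password):
    """MD5 over the pseudo-header, the 20-byte TCP header (checksum
    zeroed, options excluded), the segment data, then the password."""
    hdr = bytearray(fixed_hdr)
    hdr[16:18] = b"\x00\x00"
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, seg_len))
    return hashlib.md5(pseudo + bytes(hdr) + payload + password).digest()

def sign_segment(src_ip, dst_ip, sport, seq, payload, password):
    """Sender: build a TCP segment to port 646 that carries the digest."""
    # Data offset is 10 words: 20-byte header plus 20 bytes of options.
    fixed = struct.pack("!HHIIBBHHH", sport, LDP_PORT, seq, 0,
                        10 << 4, 0x18, 4096, 0, 0)
    digest = md5_digest(src_ip, dst_ip, fixed, 40 + len(payload),
                        payload, password)
    return fixed + b"\x01\x01" + bytes([MD5_OPT, 18]) + digest + payload

def verify_segment(src_ip, dst_ip, segment, password):
    """Receiver: recompute the digest and reject the segment on mismatch."""
    if len(segment) < 20:
        return False
    hdr_len = (segment[12] >> 4) * 4
    options, payload = segment[20:hdr_len], segment[hdr_len:]
    i, received = 0, None
    while i + 1 < len(options) and options[i] != 0:   # 0 = end of options
        if options[i] == 1:                           # 1 = NOP padding
            i += 1
            continue
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            return False                              # malformed option list
        if options[i] == MD5_OPT and length == 18:
            received = options[i + 2:i + 18]
        i += length
    if received is None:
        return False      # unsigned segment while a password is configured
    expected = md5_digest(src_ip, dst_ip, segment[:20], len(segment),
                          payload, password)
    return hmac.compare_digest(received, expected)

# Constructed sample segment between two peers sharing one password.
SEG = sign_segment("10.12.12.12", "10.15.15.15", 50000, 1000,
                   b"ldp-pdu", b"shared-secret")
```

A receiver configured with a different password rejects every segment, including the first one of the connection, which is why the session is not established when the passwords differ.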

MPLS LDP Configuration Guide, Cisco IOS Release 12.4


12.4 specifications

Cisco Systems has consistently been at the forefront of networking technology, and one of its notable software releases is IOS version 12.4. This version introduced significant enhancements and features that continue to influence networking practices. IOS 12.4 was specifically designed to accommodate the growing demands of network reliability, scalability, and advanced functionalities.

One of the primary characteristics of IOS 12.4 is its enhanced security features. The version integrates advanced security protocols, including improvements in IPsec, which allows for secure communication across potentially insecure networks. Additionally, it supports firewall technologies and access control lists (ACLs), ensuring that organizations can implement stringent security measures tailored to their traffic requirements.

Another defining feature of IOS 12.4 is its support for IPv6. As the internet continued to grow, the need for expanded address space became critical. With IOS 12.4, Cisco provided robust capabilities for transitioning from IPv4 to IPv6, ensuring that network managers could adopt the newer standard without sacrificing performance or reliability. This included support for routing protocols and other networking functions that were essential in an IPv6 environment.

Performance improvements were also a key aspect of IOS 12.4. The release optimized routing protocols, including Enhanced Interior Gateway Routing Protocol (EIGRP) and Open Shortest Path First (OSPF), to enhance convergence times and reduce latency. This effectively contributed to improved network efficiency and uptime.

Cisco also included advanced Quality of Service (QoS) capabilities in IOS 12.4, allowing organizations to prioritize critical traffic. Features such as class-based weighted fair queuing and low-latency queuing became invaluable for organizations requiring seamless voice and video communications over IP networks. This focus on QoS demonstrated Cisco's understanding of the growing importance of multimedia applications in modern business environments.

With a set of stable and scalable routing features, IOS 12.4 supports a variety of platforms, enabling businesses to deploy it across different networking hardware to suit their needs. The modularity of this IOS version makes it flexible for various applications, from small business networks to large enterprise systems.

In summary, Cisco Systems' IOS 12.4 brought forth a wealth of features aimed at enhancing security, performance, and flexibility. Through improved routing capabilities, strong IPv6 support, and advanced QoS features, this version laid the foundation for many of the networking principles that organizations still utilize today.