Protecting Data Between LDP Peers with MD5 Authentication

How to Configure MPLS LDP

Router# configure terminal
Router(config)# mpls label protocol ldp
Router(config)# access-list 15 permit host 10.15.15.15
Router(config)# mpls ldp explicit-null to 15

If you issue the show mpls forwarding-table command, the output shows that explicit null labels are going only to the router specified in the access list.

Router# show mpls forwarding-table

Local  Outgoing    Prefix            Bytes label  Outgoing   Next Hop
label  label or VC or Tunnel Id      switched     interface
19     Pop tag     10.12.12.12/32    0            Fa2/1/0    172.16.0.1
22     0           10.14.14.14/32    0            Fa2/0/0    192.168.0.2
23     0           172.24.24.24/32   0            Fa2/0/0    192.168.0.2
24     0           192.168.0.0/8     0            Fa2/0/0    192.168.0.2
25     0           10.15.15.15/32    0            Fa2/0/0    192.168.0.2
26     0           172.16.0.0/8      0            Fa2/0/0    192.168.0.2
27     25          10.16.16.16/32    0            Fa2/0/0    192.168.0.22
28     0           10.34.34.34/32    0            Fa2/0/0    192.168.0.2

Enabling explicit-null with both the for and to keywords lets you specify which routes to advertise with explicit-null labels and to which adjacent routers to advertise these explicit-null labels.

Router# show access 15
Standard IP access list 15
    permit 10.15.15.15 (7 matches)
Router# show access 24
Standard IP access list 24
    permit 10.24.24.24 (11 matches)
Router# configure terminal
Router(config)# mpls label protocol ldp
Router(config)# mpls ldp explicit-null for 24 to 15

If you issue the show mpls forwarding-table command on the router called 47K-60-4, the output shows that it receives explicit null labels for 10.24.24.24/32.

Router# show mpls forwarding-table

Local  Outgoing    Prefix            Bytes label  Outgoing   Next Hop
label  label or VC or Tunnel Id      switched     interface
17     0 <---      10.24.24.24/32    0            Et4        172.16.0.1
20     Pop tag     172.16.0.0/8      0            Et4        172.16.0.1
21     20          10.12.12.12/32    0            Et4        172.16.0.1
22     16          10.0.0.0/8        0            Et4        172.16.0.1
23     21          10.13.13.13/32    0            Et4        172.16.0.1
25     Pop tag     10.14.14.14/32    0            Et4        172.16.0.1
27     Pop tag     192.168.0.0/8     0            Et4        172.16.0.1
28     25          10.16.16.16/32    0            Et4        172.16.0.1
29     Pop tag     192.168.34.34/32  0            Et4        172.16.0.1

Protecting Data Between LDP Peers with MD5 Authentication

You can enable authentication between two LDP peers, which verifies each segment sent on the TCP connection between the peers. You must configure authentication on both LDP peers using the same password; otherwise, the peer session is not established.

Authentication uses the Message Digest 5 (MD5) algorithm to verify the integrity of the communication and authenticate the origin of the message.

To enable authentication, issue the mpls ldp neighbor command with the password keyword. This causes the router to generate an MD5 digest for every segment sent on the TCP connection and check the MD5 digest for every segment received from the TCP connection.

When you configure a password for an LDP neighbor, the router tears down existing LDP sessions and establishes new sessions with the neighbor.
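
The per-segment digest described above is the TCP MD5 Signature Option (RFC 2385), which LDP uses for session authentication. The following Python sketch is an added example, not code from the Cisco guide: it computes and checks that digest for one segment, and the peer addresses, ports, password and payload are constructed values. demo() returns the verification result for a matching password, a mismatched password, a modified payload and a segment carrying no digest.

```python
import hashlib
import hmac
import socket
import struct

LDP_PORT = 646                       # TCP port LDP sessions run over
MD5SIG_KIND, MD5SIG_LEN = 19, 18     # RFC 2385 option: kind 19, length 18

def tcp_md5_digest(src_ip, dst_ip, header, payload, password):
    """MD5 over pseudo-header, 20-byte base header (checksum zeroed), data, key."""
    base = bytearray(header[:20])            # TCP options are not covered
    base[16:18] = b"\x00\x00"                # checksum field counted as zero
    seg_len = (header[12] >> 4) * 4 + len(payload)   # full header + data
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, seg_len))
    return hashlib.md5(pseudo + bytes(base) + payload + password).digest()

def sign_segment(src_ip, dst_ip, sport, dport, seq, ack, payload, password):
    """Sender side: build a 40-byte header carrying the digest option."""
    off_flags = (10 << 12) | 0x018           # 10 words of header, PSH|ACK
    # The checksum is left at zero here; the digest ignores it either way.
    base = struct.pack("!HHIIHHHH", sport, dport, seq, ack, off_flags, 4096, 0, 0)
    digest = tcp_md5_digest(src_ip, dst_ip, base, payload, password)
    return base + b"\x01\x01" + bytes([MD5SIG_KIND, MD5SIG_LEN]) + digest

def verify_segment(src_ip, dst_ip, header, payload, password):
    """Receiver side: find the option, recompute, compare in constant time."""
    opts, i = header[20:(header[12] >> 4) * 4], 0
    while i < len(opts) and opts[i] != 0:    # 0 = end of option list
        if opts[i] == 1:                     # 1 = NOP padding
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            return False                     # malformed option list
        if opts[i] == MD5SIG_KIND:
            want = tcp_md5_digest(src_ip, dst_ip, header, payload, password)
            return opts[i + 1] == MD5SIG_LEN and hmac.compare_digest(
                opts[i + 2:i + 18], want)
        i += opts[i + 1]
    return False                             # no digest present: reject

def demo():
    a, b = "10.15.15.15", "10.24.24.24"      # constructed peer addresses
    data, key = b"constructed LDP PDU bytes", b"peer-secret"   # constructed
    hdr = sign_segment(a, b, 49152, LDP_PORT, 1000, 2000, data, key)
    return (verify_segment(a, b, hdr, data, key),
            verify_segment(a, b, hdr, data, b"other-secret"),
            verify_segment(a, b, hdr, data[:-1] + b"X", key),
            verify_segment(a, b, hdr[:12] + b"\x50" + hdr[13:20], data, key))
```

The second result is why both peers must be configured with the same password: a segment signed with a different key never verifies, so the receiver discards it and the session is not established.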

MPLS LDP Configuration Guide, Cisco IOS Release 12.4


12.4 specifications

Cisco Systems has consistently been at the forefront of networking technology, and one of its notable software releases is IOS version 12.4. This version introduced significant enhancements and features that continue to influence networking practices. IOS 12.4 was specifically designed to accommodate the growing demands of network reliability, scalability, and advanced functionalities.

One of the primary characteristics of IOS 12.4 is its enhanced security features. The version integrates advanced security protocols, including improvements in IPsec, which allows for secure communication across potentially insecure networks. Additionally, it supports firewall technologies and access control lists (ACLs), ensuring that organizations can implement stringent security measures tailored to their traffic requirements.

Another defining feature of IOS 12.4 is its support for IPv6. As the internet continued to grow, the need for expanded address space became critical. With IOS 12.4, Cisco provided robust capabilities for transitioning from IPv4 to IPv6, ensuring that network managers could adopt the newer standard without sacrificing performance or reliability. This included support for routing protocols and other networking functions that were essential in an IPv6 environment.

Performance improvements were also a key aspect of IOS 12.4. The release optimized routing protocols, including Enhanced Interior Gateway Routing Protocol (EIGRP) and Open Shortest Path First (OSPF), to enhance convergence times and reduce latency. This effectively contributed to improved network efficiency and uptime.

Cisco also included advanced Quality of Service (QoS) capabilities in IOS 12.4, allowing organizations to prioritize critical traffic. Features such as class-based weighted fair queuing and low-latency queuing became invaluable for organizations requiring seamless voice and video communications over IP networks. This focus on QoS demonstrated Cisco's understanding of the growing importance of multimedia applications in modern business environments.

With a set of stable and scalable routing features, IOS 12.4 supports a variety of platforms, enabling businesses to deploy it across different networking hardware to suit their needs. The modularity of this IOS version makes it flexible for various applications, from small business networks to large enterprise systems.

In summary, Cisco Systems' IOS 12.4 brought forth a wealth of features aimed at enhancing security, performance, and flexibility. Through improved routing capabilities, strong IPv6 support, and advanced QoS features, this version laid the foundation for many of the networking principles that organizations still utilize today.